
Re: Encrypting password



Hi Kurt,

Thank you for the suggestion.

I tried sending a mail to Lists@Openldap.org with the body

  get openldap-devel@OpenLDAP.org /slapd/tools/slappasswd

but it doesn't work. A reply mail says there is no such file.

Just want to find out if this is what you meant.

Regarding the SHA hash, the hash value is supposed to be 20 bytes according to
the literature, but here is a sample hash value I got from Netscape LDAP:

{SHA}H4LJQr79optu1IelHaGZ94/OfwU=

It is more than 20 bytes. When I copy this string over to my qmail-ldap,
it still works, i.e. I can still do a POP login.

Can slappasswd generate the hash pattern as above?

Thanks.
syw

-----Original Message-----
From: Kurt D. Zeilenga <Kurt@OpenLDAP.Org>
To: syw <ywshum@2bsure.com>
Cc: openldap-devel@OpenLDAP.Org <openldap-devel@OpenLDAP.Org>
Date: Wednesday, January 05, 2000 1:08 PM
Subject: Re: Encrypting password


>At 11:39 AM 1/5/00 +0800, syw wrote: 
>>I read the man pages of slapd.conf and they recommend encrypting
>>the root password with SHA, MD5 or CRYPT (instead of cleartext password).
>>
>>Question is, where do i get the tools to do this encryption and
>>decryption, are they available in Linux?
>
>First, one must be careful when using the term "encrypt".
>In the case of userPassword and rootpw, the password value
>is not encrypted, it is hashed using a one-way algorithm.
>The algorithms are special in that they are designed (some
>better than others) such that it is computationally
>infeasible to determine an input which would generate
>the stored hash.  When used in password systems, the
>verifier "hashes" the user input and compares this with
>the stored hash value.  If they are the same, it is assumed
>that the user input and the original string which produced
>the stored hash are the same and the user is authenticated.
>
>Second, for OpenLDAP-devel, see slapd/tools/slappasswd.
>For other versions of OpenLDAP, see htpasswd from Apache,
>or various perl (or whatever) scripts, or cut and paste
>from your password file, or...
>
>
>
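
Added example (not part of the original thread and not OpenLDAP code): the part of a `{SHA}` userPassword value after the scheme tag is the Base64 text of the 20-byte SHA-1 digest, so 20 raw bytes appear as 28 characters. The sketch below parses the sample value quoted in the message, then generates and verifies values in the same format; the function names and test passwords are hypothetical.

```python
import base64
import hashlib
import hmac

# Value quoted in the message above.
SAMPLE = "{SHA}H4LJQr79optu1IelHaGZ94/OfwU="


def parse_sha_userpassword(value):
    """Return the raw digest bytes stored in a '{SHA}<base64>' value."""
    scheme, sep, encoded = value.partition("}")
    if not sep or scheme.upper() != "{SHA":
        raise ValueError("not a {SHA} userPassword value")
    # validate=True rejects characters outside the Base64 alphabet.
    digest = base64.b64decode(encoded, validate=True)
    if len(digest) != hashlib.sha1().digest_size:
        raise ValueError("decoded digest is not 20 bytes")
    return digest


def make_sha_userpassword(password):
    """Hash a password with SHA-1 and wrap it in the '{SHA}' format."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def verify_sha_userpassword(password, stored):
    """Hash the candidate and compare it with the stored digest."""
    expected = parse_sha_userpassword(stored)
    candidate = hashlib.sha1(password.encode("utf-8")).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    raw = parse_sha_userpassword(SAMPLE)
    print("Base64 characters:", len(SAMPLE) - len("{SHA}"))
    print("decoded bytes:    ", len(raw))
    print("digest (hex):     ", raw.hex())
    stored = make_sha_userpassword("constructed-test-password")
    print("generated value:  ", stored)
    print("verifies:         ", verify_sha_userpassword("constructed-test-password", stored))
```

The `{SHA}` scheme is an unsalted digest, so identical passwords always produce identical stored values.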