[Date Prev][Date Next] [Chronological] [Thread] [Top]

Inappropriate authentication using {md5} or {sha} ...

To: openldap-software@OpenLDAP.org
Subject: Inappropriate authentication using {md5} or {sha} ...
From: Frank Koenen <fkoenen@vonworld.com>
Date: Thu, 18 May 100 20:36:52 -0500 (CDT)

I'm trying to set the "rootpw" value in my slapd.conf file using MD5,
or SHA.  If I use {crypt} or plaintext I don't have a problem. Can you
tell what I'm doing wrong or what I'm missing?

After I enter the password "Secret4" to the command:
ldapadd -v -h develop.medrepublic.com -D "cn=Manager, dc=MedRepublic, dc=com" -W <<- !!
dn: dc=MedRepublic, dc=com
dc: medrepublic.com
o: MedReublic Organization
objectclass: organization
dn: cn=Manager, dc=MedRepublic, dc=com
cn: Manager
sn: Manager
objectclass: person
!!

I get the message: 
Enter LDAP Password: Secret4
ldap_bind: Inappropriate authentication

Here is my "slapd.conf" file:
#---------------------------------------------------------
include         /usr/local/etc/openldap/slapd.at.conf
include         /usr/local/etc/openldap/slapd.oc.conf

schemacheck     off
#referral       ldap://root.openldap.org/

pidfile         /usr/local/var/slapd.pid
argsfile        /usr/local/var/slapd.args

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=medrepublic, dc=com"
rootdn          "cn=Manager, dc=medrepublic, dc=com"
#rootpw         Secret4
rootpw          {md5}JDEkTmUkaFRPOVRSMnYwYml6aE5uZjBPQlRqLw==
#rootpw         {CRYPT}OMIpblf7N.TuI
#rootpw         {SHA}/UL4x0SR0Xq5L9mlddZnSm3pmG1iVw==
directory       /home/medrepublic/develop/data/ldap
#---------------------------------------------------------

Here is how I derived the "md5" and the "sha" passwords:
#---------------------------------------------------------
#!/usr/bin/perl
use Crypt::PasswdMD5;
use String::Random;
use MIME::Base64;
use SHA;

if ( $#ARGV != 0 ) {
 print STDERR "cryptword: Usage:\n";
 print STDERR "     cryptword {word}\n";
 exit(1);
}

$randomfoo = new String::Random;
$salt = $randomfoo->randpattern("ss");

$password  = $ARGV[0]; shift;

print "The DES encrypted password for $password is: {crypt}";
print crypt($password,$salt), "\n";

$cryptedpassword = unix_md5_crypt($password, $salt);

print "The MD5 encrypted password for $password is: {md5}";
$encoded = encode_base64($cryptedpassword);
#print "${cryptedpassword} ${encoded}\n";
print "${encoded}";

$sha = new SHA;
$newsalt = pack ("H*", $salt);
$hash = $sha->hash ($password . $newsalt);
#printf ("%s ", unpack ("H*", $hash));
print "The SHA encrypted password for $password is: {sha}";
print encode_base64 ($hash . $salt, "");

exit(0);
#---------------------------------------------------------

Example execution of "cryptword":
# cryptword Secret4
The DES encrypted password for Secret4 is: {crypt}n3vmujR3T5fcU
The MD5 encrypted password for Secret4 is: {md5}JDEkbjMkTVZsWG5jcHFScUovMmxidzdwSDNYLg==
The SHA encrypted password for Secret4 is: {sha}VlNqRC/0HJCfiftkKwoTE8yMTMVuMw==


Your assistance is appreciated.

-- 
Frank Koenen
Director of Technical Services
Monet Technologies Inc.
Email: fkoenen@vonworld.com Voice: 1-312-372-7500 x204 Fax: 1-312-372-6020

Visit us on the web: WWW.VIRTUALMONET.COM

Follow-Ups:
- Re: Inappropriate authentication using {md5} or {sha} ...
  - From: Doug Nazar <nazard@dragoninc.on.ca>
- Re: Inappropriate authentication using {md5} or {sha} ...
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: Inappropriate authentication using {md5} or {sha} ...
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: PTH support in OpenLDAP 1.x
Next by Date: Re: Inappropriate authentication using {md5} or {sha} ...
Index(es):
- Chronological
- Thread