[Date Prev][Date Next] [Chronological] [Thread] [Top]

I need help badly: Password Encryption Problem?

To: Kurt@OpenLDAP.org
Subject: I need help badly: Password Encryption Problem?
From: Rajat <linuxcurry@yahoo.com>
Date: Wed, 9 Jan 2002 02:43:22 -0800 (PST)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <5.1.0.14.0.20020108195626.016f5838@127.0.0.1>

Hi Kurt,

I would be gratefull to you if you could let me know
what crypt salt to use to make the userPassword crypt
by default, when i add a LDIF entry.

i mean i have openldap 2.0.19 and qmail-1.03 with
qmail-ldap patch for ldap authentication.

when i add an entry in openldap ( my slapd.conf looks
like --->>
password-has {crypt}
password-crypt-salt-format  "%.8s"

)

and i try to authenticate using qmail-pop3d it doesn
authenticates and gives authentication error,
WHEREAS if i encrypt using GQ LDAP CLIENT using its
CRYPT SCHEME
... i get authenticatred successfully on qmail-pop3d
???

Also if i use GQ LDAP CLIENT to view a users entry or
i use qmail-ldaplookup program to lookup a users
entry, i get the users password in clear text, though
i had specified in the slapd.conf the encryption
scheme and salt.

Whereas if i use GQ LDAP CLIENT to encrypt the
userPassword in crypt scheme, and i get the correct
output of qmail-ldaplookup program shownign the users
password in proper crypt output, and even ldapsearch
gives the proper crypt output of the user.


please let me know what salt method should i use or ay
other way so that when i bulkadd users ( in 100,000
!!! ) i get automatically encrypted passwords in
correct form.

I realize GQ is uses something like a standard
two-byte salt, using libcrypto (from OpenSSL) to
generate a random byte, and base64-encoding that byte
into two ASCII bytes:

     RAND_pseudo_bytes(rand, 8);
     b64_encode(salt, rand, 8);
[...]
     salt->str[2] = 0;

So what should i do to get the same type of encryption
by modifying my slapd.conf or something else to get
the same effect. and hence getting authenticated on
qmail-pop3d.

Am really looking forward to your reply, though i know
you might be busy, but i would really appreciate if
you could help me out and save me!!

Thanks for your help in advance!

Regards
Rajat

__________________________________________________
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/

References:
- Re: Password Program of LDAP, SASL, and Kerberos
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Storing COM objects
Next by Date: Re: error message
Index(es):
- Chronological
- Thread