[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Password consistancy in the LDAP database
I haven't personally tried that but you can use 'cpu'
tool that can be found freshmeat. Its syntax is like
pw command at freebsd with a few exceptions.
--- Terry Davis <tdavis@birddog.com> wrote:
> I wrote my admin tools in perl. There is an md5
> module for perl for this kinda
> stuff. There is also 'directory administrator'.
> Search on freshmeat.net. It
> supports md5 passwds. Writing a little cgi for them
> to change their password is
> really easy. I wrote a library for webmin to
> facilitate managing users and
> groups. it is a kludge and probably insecure in its
> current state but I am
> pretty bad with programming. This goes to show that
> there are ways to do what
> you are asking with little skill. :)
>
> TO answer your other question about passwd, i do not
> know. I think that if you
> are using pam, passwd will follow what pam says and
> do the magic for you,
> including md5.
>
> --
> Terry Davis
> Systems Administrator
> BirdDog Solutions, Inc.
>
>
> Quoting nate <ldap@aphroland.org>:
>
> For those that are using openldap for
> authentication,
> how do you handle passwords? e.g. i plan on using
> MD5 passwords, mainly because traditionally MD5
> has provided stronger encryption of passwords then
> crypt (at least for /etc/shadow), but the problem
> is all of the utils i have found so far (web based
> mostly) only support the crypt password hash.
>
> Another thing i was thinking was just hardcode
> the password for each user, give them the password,
> and revoke their rights to write to that field.
>
> Does the 'passwd' utility work reliably for
> changing LDAP passwords(thats one feature i
> have yet to try). I read a couple places
> it was not, but i think the sites were
> referring to a different version of the pam_ldap
> modules. I plan to use LDAP primarily on solaris
> and Linux(mostly debian 2.2 and 3.0).
>
> thanks to everyone for the help, i got 3 LDAP
> servers running(2 slave), replicating over
> SSL(stunnel, less complicated at this
> point then trying to get them to talk native
> SSL, and stunnel has been a very reliable
> program for me so i trust it's reliablity),
> setup round-robin DNS for the 2 slave
> LDAP servers, have netscape roaming working
> (whew).
>
> now if only mozilla/netscape6 supported LDAP
> and/or roaming! i was shocked to see the
> latest netscape 6 still didn't support LDAP
> yet.
>
> nate
>
>
>
>
>
__________________________________________________
Do You Yahoo!?
Yahoo! Greetings - Send FREE e-cards for every occasion!
http://greetings.yahoo.com