[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: RE : how to generate passwords?
Sorry to keep a topic going that's not directly related to OpenLDAP,
but this may come in handy for several OpenLDAP users...
I can't post the CGI because it's _very_ specific to my setup, but here's
a good example of various password formats in Perl. I think I've only
even tried crypt1 and ssha with my OpenLDAP/nss_ldap/pam_ldap setup and
they work fine. If you use Slackware like me, make sure you install a
PAMified /bin/login or you won't be able to (for example) use telnet as
a user in LDAP.
Watch out for word wrap if you cut and paste anything and if you
improve/add anything, let me know. BTW, I use perl 5.6.1, haven't tried
any of this with anything else.
#!/usr/bin/perl -w
# crypt1, crypt2, md5, smd5, sha, ssha
my $password_format = "ssha";
use strict;
my ($password,$encpass);
die "\nUsage: $0 password\n\n" if ! $ARGV[0];
$password = $ARGV[0];
$encpass = &encrypt_password($password);
if ($encpass) { print "Encrypted password: $encpass\n"; }
else { print "Error! blank encpass return!?\n"; }
sub encrypt_password {
my $pass=$_[0];
my ($cryptdpass);
$password_format = 'crypt1' if ! $password_format;
$password_format = lc($password_format);
if ($password_format eq 'crypt1') { $cryptdpass = &password_crypt1($pass); }
elsif ($password_format eq 'crypt2') { $cryptdpass = &password_crypt2($pass); }
elsif ($password_format eq 'md5') { $cryptdpass = &password_md5($pass); }
elsif ($password_format eq 'smd5') { $cryptdpass = &password_smd5($pass); }
elsif ($password_format eq 'sha') { $cryptdpass = &password_sha($pass); }
elsif ($password_format eq 'ssha') { $cryptdpass = &password_ssha($pass); }
return($cryptdpass);
}
sub password_crypt1 {
my $pass=$_[0];
my ($cryptdpass,$salt);
$salt = &get_salt;
$cryptdpass = '{CRYPT}' . crypt($pass,$salt);
return($cryptdpass);
}
sub password_crypt2 {
my $pass=$_[0];
use Crypt::PasswdMD5;
my ($cryptdpass,$salt);
$salt = &get_salt;
$cryptdpass = '{MD5}' . unix_md5_crypt($pass,$salt);
return($cryptdpass);
}
sub password_md5 {
my $pass=$_[0];
use Digest::MD5;
use MIME::Base64;
my ($hashedPasswd);
my $ctx = Digest::MD5->new;
$ctx->add($pass);
$hashedPasswd = '{MD5}' . encode_base64($ctx->digest,'');
return($hashedPasswd);
}
sub password_smd5 {
my $pass=$_[0];
use Digest::MD5;
use MIME::Base64;
my ($hashedPasswd,$salt);
$salt = &get_salt;
my $ctx = Digest::MD5->new;
$ctx->add($pass);
$ctx->add($salt);
$hashedPasswd = '{SMD5}' . encode_base64($ctx->digest . $salt,'');
return($hashedPasswd);
}
sub password_sha {
my $pass=$_[0];
use Digest::SHA1;
use MIME::Base64;
my ($hashedPasswd);
my $ctx = Digest::SHA1->new;
$ctx->add($pass);
$hashedPasswd = '{SHA}' . encode_base64($ctx->digest,'');
return($hashedPasswd);
}
sub password_ssha {
my $pass=$_[0];
use Digest::SHA1;
use MIME::Base64;
my ($hashedPasswd,$salt);
$salt = &get_salt8;
my $ctx = Digest::SHA1->new;
$ctx->add($pass);
$ctx->add($salt);
$hashedPasswd = '{SSHA}' . encode_base64($ctx->digest . $salt,'');
return($hashedPasswd);
}
sub get_salt {
my $rands = substr(time(),-4);
my $salt = ('a'..'z')[int(($rands/100)%26)];
$salt .= ('a'..'z')[int(($rands%100)%26)];
return($salt);
}
sub get_salt8 {
my $salt = join '', ('a'..'z')[rand 26,rand 26,rand 26,rand 26,rand 26,rand 26,rand 26,rand 26];
return($salt);
}