[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Crypt problem
I did the following to verify a crypted password:
first, get the encrypted password from ldap:
($password is password to be compared with LDAP)
$entries=ldap_get_entries($ldap,$result)
$ldappwd=$entries[0]["userPassword"][0];
check if the password is crypted:
if strstr($ldappwd,"{crypt}") {
//remove {crypt} prefix
$ldappwd=substr($ldappwd,7);
// normal crypt use 2digit salt
$salt=substr($ldappwd,0,2);
// MD5 crypt starts with $1$, 12 digits long
strstr($ldappwd,"$1") && $salt=substr($ldappwd,0,12);
// Blowfish crypt has $2$ as prefix, and 16 digits long
strstr($ldappwd,"$2$) && $salt=substr($ldappwd,0,16);
$password=crypt($password,$salt);
}
// Now both passwords are in same format:
if ($ldappwd == $password) {
// They match!
// $salt is only set with crypted password
IsSet($salt) ? $password='{crypt}'.$password
: $password='{crypt}'.crypt($password);
// This is to make sure the password is stored encrypted
<code to process $password any further>
}
I did something similar with ntPassword and lmPassword. I used the
external program smbencrypt to provide me with the right values
HTH,
Marcel
--
---------------------------------------------------------------
ing. Marcel van Dorp (CCDP, CCNP+security) http://www.wiwo.nl
WiWo Support tel. 071-523 77 91
Postbus 1098 fax 071-523 77 94
2340 BB Oegstgeest gsm 0653-50 77 76
---------------------------------------------------------------