[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: How can I get OpenLDAP to hash passwords as crypt?
<quote who="Kervin L. Pierre">
>
> Hi,
>
> I am trying to have OpenLDAP hash passwords using the crypt(3) format
> before storing in the userpassword attribute, but with no luck. How is
> this done?
>
> I am using 2.1.2 and I have the "password-hash {CRYPT}" in my config
> file.
> My ldapadds use the cleartext passwords, eg. "userpassword: secret", but
> I'm guessing OpenLDAP will hash those before storing them? If not, how
> do I do this?
>
> I saw the config option "password-hash-salt", but I didn't understand the
> explanation given. When would I need to set this? My OpenLDAP server is
> running on a linux box, but the client are solaris 8/9 machines, so I'm
> thinking the salt might be a factor?
> Has anyone successfully done this?
i do it manually using the slappasswd program. in my case
i use MD5 for storing the passwords, a quick script i wrote up
for use with samba(it works, though i haven't tested it in
3-4 months)
this is not original stuff, i ripped it out of a couple other
scripts, since i couldn't find anything that supported MD5,
its not the best solution i'm sure, but its the only thing
i was able to come up with at the time ..
http://saratoga.linuxpowered.net/~aphro/smbpass-ldap.txt
i can't do anything beyond basic scripting or im sure it'd
look a lot better and be more secure but maybe it can give you
an idea of another way to change passwords .......it is
easily adapted to use crypt, just change the argument
passed to slappasswd.
this way I am able to store a copy of the user's passwords,
so i can tell if they are weak or not, as well as login to their
accounts when they call for help.
i think i only tested it 3-4 times ..hope it works still !
nate