[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ldap_bind and crypt
ons, 2002-11-20 kl. 16:03 skrev Alicia Rioperez:
> I'm starting with ldap and I have a lot of doubts these are some of
> them:
> - If I have a ldap server with the user's passwords encrypted with crypt
> and I try to authenticate myself from a client using:
> ldap_simple_bind_s (ld, mydn, my passwd in cleartext)
> Would I be authenticated or I'd need to encrypt my password before
> binding?
You'd be authenticated. The passwords are only stored in crypt, md5
hash, sha1 or whatever. For simple binds, all passwords are
decrypted/sent in cleartext/encrypted for comparison, which is what
makes all non-SSL/SASL traffic so hazardous.
> In this case, how would I know the salt the ldap server is
> using to encrypt?
See above.
> How can I configure my ldap server to manage the passwords encrypted
> with crypt?
Use any utility, perl or whatever. There are plenty around. Encrypt/hash
the password on the command line or in a shell file, utility or whatever
and give it to ldapmodify as (literally:) {crypt}password string,
{md5}passwordstring etc. The server will do the rest, if it's been
compiled correctly.
If you use Linux, Solaris, BSD get hold of GQ - the latest version. It
will teach you a lot.
> have a nice day
I did, thank you. It's nearly time for bed.
Best,
Tony
--
Tony Earnshaw
When all's said and done ...
there's nothing left to say or do.
e-post: tonni@billy.demon.nl
www: http://www.billy.demon.nl