[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_bind and crypt

To: Alicia Rioperez <arp03@tid.es>
Subject: Re: ldap_bind and crypt
From: Tony Earnshaw <tonni@billy.demon.nl>
Date: 20 Nov 2002 21:25:56 +0100
Cc: "openldap-software@OpenLDAP.org" <openldap-software@OpenLDAP.org>
In-reply-to: <3DDBA441.75B2C80@tid.es>
Organization:
References: <3DDBA441.75B2C80@tid.es>

ons, 2002-11-20 kl. 16:03 skrev Alicia Rioperez:

> I'm starting with ldap and I have a lot of doubts these are some of
> them:
> - If I have a ldap server with the user's passwords encrypted with crypt
> and I try to authenticate myself from a client using:
> ldap_simple_bind_s (ld, mydn, my passwd in cleartext)
> Would I be authenticated or I'd need to encrypt my password before
> binding?

You'd be authenticated. The passwords are only stored in crypt, md5
hash, sha1 or whatever. For simple binds, all passwords are
decrypted/sent in cleartext/encrypted for comparison, which is what
makes all non-SSL/SASL traffic so hazardous.

>  In this case, how would I know the salt the ldap server is
> using to encrypt?

See above.

> How can I configure my ldap server to manage the passwords encrypted
> with crypt?

Use any utility, perl or whatever. There are plenty around. Encrypt/hash
the password on the command line or in a shell file, utility or whatever
and give it to ldapmodify as (literally:) {crypt}password string,
{md5}passwordstring etc. The server will do the rest, if it's been
compiled correctly.

If you use Linux, Solaris, BSD get hold of GQ - the latest version. It
will teach you a lot.

> have a nice day

I did, thank you. It's nearly time for bed.

Best,

Tony

-- 

Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl

References:
- ldap_bind and crypt
  - From: Alicia Rioperez <arp03@tid.es>

Prev by Date: Re: nscd/openldap issue
Next by Date: Re: ldap_bind in php
Index(es):
- Chronological
- Thread