
Password-hash and pam_ldap



Hi everybody,

I'm a little confused about how password hashes are used
in conjunction with pam_ldap.

What I want is to store the password in MD5 format.

Example:

---snipp---
[server /etc]# /usr/local/ldap-2.1.x/sbin/slappasswd -h {MD5}
New password:
Re-enter new password:
{MD5}2tEgXrIHtAnGHOzH3ENslg==
[server /etc]#
---snipp---

If I put this hash into the attribute userpassword (posixaccount),
I can authenticate with my chosen password.

When I change the password with passwd, I run into trouble:

---snipp---
[vasuser@server vasuser]$ passwd
old password:
 type new password:
again new password:
password changed for vasuser
passwd: all authentication tokens updated successfully
[vasuser@server vasuser]$
---snipp---

So now I'll look at what the new value is:

---snipp---
[server /] # ldapsearch -H "ldaps://server" -b "dc=abc,dc=def" -s sub -x -D "cn=bla" -W "(objectclass=*)"

....

cn: vasuser
userPassword:: e1NNRDV9V2lXUEo4S1ZiT0EzOW1IaDZRRk9Qem15UjlzPQ==

---snipp---

Let's look at what the password looks like:

---snipp---

[server /] # echo -n e1NNRDV9V2lXUEo4S1ZiT0EzOW1IaDZRRk9Qem15UjlzPQ== | mmencode -u
{SMD5}WiWPJ8KVbOA39mHh6QFOPzmyR9s=
[root@fra10000144 pam_ldap-156]# 

---snipp---

You see, it's hashed with SMD5, which is not what I want.
(What I really want is to know how I can configure it
so that the hash I want is used.)

So, here's what's in my pam_ldap.conf
(which is the file that configures pam_ldap.so):

---snipp---
host server

base o=webservices,dc=abcd,dc=efg

ldap_version 3

pam_password exop
ssl on

tls_checkpeer yes

tls_cacertfile /usr/local/ldapcert/cacert.pem
tls_cert /usr/local/ldapcert/ldapcert.pem
tls_key /usr/local/ldapcert/ldapkey.pem
ssl yes 

---snipp---

First, I tried
pam_password MD5
(in pam_ldap.conf)
but this gave me the following:

---snipp---
[server /]# echo -n e2NyeXB0fSQxJC9waXVWS2tQJFB6b2J2TFU4Vk52aHc5R1NtQWc3cy4= | mmencode -u
{crypt}$1$/piuVKkP$PzobvLU8VNvhw9GSmAg7s.
[server /]# 
---snipp---

So, what the hell is this? I tried to force MD5 and what I get is {crypt}???

I tried different configurations,
but I never got it to hash with MD5. Where's my mistake?

greets Harry

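Added example, not part of the original post: a small Python decoder for the three userPassword values quoted in the message, showing how {MD5} (bare 16-byte digest), {SMD5} (digest followed by a salt) and {crypt} with a $1$ prefix (the MD5-based crypt(3) format) differ in storage. The function names are this example's own, and the {SMD5} layout of MD5(password + salt) with the salt appended to the digest is the OpenLDAP convention assumed here.

```python
import base64
import hashlib
import hmac

def decode_ldif_value(b64: str) -> str:
    """Decode the base64 text ldapsearch prints after 'userPassword::'."""
    return base64.b64decode(b64).decode("ascii")

def parse_userpassword(value: str) -> dict:
    """Split '{SCHEME}data' and describe how the data part is laid out."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("no {SCHEME} prefix")
    scheme, _, data = value[1:].partition("}")
    info = {"scheme": scheme.upper(), "digest": b"", "salt": b"", "crypt_id": None}
    if info["scheme"] in ("MD5", "SMD5"):
        raw = base64.b64decode(data)
        # An MD5 digest is 16 bytes; {SMD5} appends the salt after it.
        info["digest"], info["salt"] = raw[:16], raw[16:]
    elif info["scheme"] == "CRYPT":
        # crypt(3) modular format: $id$salt$hash. id "1" is MD5-crypt, an
        # iterated construction that is not interchangeable with {MD5}.
        parts = data.split("$")
        if len(parts) == 4 and parts[0] == "":
            info["crypt_id"], info["salt"] = parts[1], parts[2].encode()
    return info

def make_smd5(password: str, salt: bytes) -> str:
    """Build a {SMD5} value (assumed layout: base64(MD5(pw + salt) + salt))."""
    digest = hashlib.md5(password.encode() + salt).digest()
    return "{SMD5}" + base64.b64encode(digest + salt).decode()

def verify(value: str, password: str) -> bool:
    """Check a candidate password against a {MD5} or {SMD5} value."""
    info = parse_userpassword(value)
    if info["scheme"] not in ("MD5", "SMD5"):
        raise ValueError("scheme not handled here: " + info["scheme"])
    candidate = hashlib.md5(password.encode() + info["salt"]).digest()
    return hmac.compare_digest(candidate, info["digest"])

if __name__ == "__main__":
    # The three values quoted in the message above.
    samples = [
        "{MD5}2tEgXrIHtAnGHOzH3ENslg==",
        decode_ldif_value("e1NNRDV9V2lXUEo4S1ZiT0EzOW1IaDZRRk9Qem15UjlzPQ=="),
        decode_ldif_value("e2NyeXB0fSQxJC9waXVWS2tQJFB6b2J2TFU4Vk52aHc5R1NtQWc3cy4="),
    ]
    for s in samples:
        p = parse_userpassword(s)
        print(p["scheme"], "digest bytes:", len(p["digest"]),
              "salt:", p["salt"], "crypt id:", p["crypt_id"])
```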