[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Password-hash and pam_ldap
Hi everybody,
Charlie Derr wrote:
> Matthias Eichler wrote:
> > Hi,
> >
> > I have the same problem here, especially with {crypt}.
> > With MD5, you can solve this with setting
> >
> > user-password {md5}
> >
> > in slapd.conf
> >
>
> looks like it's actually
>
> password-hash {md5}
>
> that is needed in slapd.conf
>
> ~c
No , none of that.
The manpage says :
--snipp--
password-hash <hash>
This option sets the hash to be used in generation
of user passwords, stored in userPassword, during
processing of LDAP Password Modify Extended
Operations (RFC 3052). The <hash> must be one of
{SSHA}, {SHA}, {SMD5}, {MD5}, {CRYPT}, and
{CLEARTEXT}. The default is {SSHA}.
{SHA} and {SSHA} use the SHA-1 algorithm (FIPS
160-1), the latter with a seed.
{MD5} and {SMD5} use the MD5 algorithm (RFC 1321),
the latter with a seed.
{CRYPT} uses the crypt(3).
{CLEARTEXT} indicates that the new password should
be added to userPassword as clear text.
Note that this option does not alter the normal
user applications handling of userPassword during
LDAP Add, Modify, or other LDAP operations.
--snipp--
So, what i did now (and also before i wrote the mail) is setting
pam_password exop
in pam_ldap.conf to configure pam_ldap
and after ithat i set (as suggested by the list and manpage)
password-hash {md5}
in slapd.conf
What i get is
{crypt}SOMETHINELSE
So the solution is another, if there's one
Greets Harry
>
> > Greetings,
> >
> > Matthias
> >
> >
> >>[server /] # echo -n
> >>e1NNRDV9V2lXUEo4S1ZiT0EzOW1IaDZRRk9Qem15UjlzPQ==|mmencode -u
> >>{SMD5}WiWPJ8KVbOA39mHh6QFOPzmyR9s=
> >>[root@fra10000144 pam_ldap-156]#
> >>---snipp---
> >>
> >>You see, its's hashed with SMD5 which is not what i want.
> >>(What i really want is to know how i can configure it,
> >>so the hash i want is used ..)
> >>
> >>So, here's what's in my pam_ldap.conf
> >>(which is the file that configures pam_ldap.so) :
> >>
> >>---snipp---
> >
> >
>
>
--
+++ GMX - Mail, Messaging & more http://www.gmx.net +++
NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen!