
Re: Password-hash and pam_ldap



Hi everybody,

Charlie Derr wrote:

> Matthias Eichler wrote:
> > Hi,
> > 
> > I have the same problem here, especially with {crypt}.
> > With MD5, you can solve this with setting
> > 
> > user-password {md5}
> > 
> > in slapd.conf
> > 
> 
> looks like it's actually
> 
> password-hash {md5}
> 
> that is needed in slapd.conf
> 
> 	~c

No, none of that.

The manpage says:

--snipp--

password-hash <hash>
              This  option sets the hash to be used in generation
              of user passwords, stored in  userPassword,  during
              processing   of   LDAP   Password  Modify  Extended
              Operations (RFC 3052).  The <hash> must be  one  of
              {SSHA},   {SHA},   {SMD5},   {MD5},   {CRYPT},  and
              {CLEARTEXT}.  The default is {SSHA}.

              {SHA} and {SSHA}  use  the  SHA-1  algorithm  (FIPS
              160-1), the latter with a seed.

              {MD5}  and {SMD5} use the MD5 algorithm (RFC 1321),
              the latter with a seed.

              {CRYPT} uses the crypt(3).

              {CLEARTEXT} indicates that the new password  should
              be added to userPassword as clear text.

              Note  that  this  option  does not alter the normal
              user applications handling of  userPassword  during
              LDAP Add, Modify, or other LDAP operations.

--snipp--

So, what I did now (and also before I wrote the mail) is setting

pam_password exop

in pam_ldap.conf to configure pam_ldap,
and after that I set (as suggested by the list and manpage)

password-hash {md5}

in slapd.conf.


What I get is
{crypt}SOMETHINELSE

So the solution is a different one, if there is one.


Greets Harry
> 
> > Greetings,
> > 
> > Matthias
> > 
> > 
> >>[server /] # echo -n
> >>e1NNRDV9V2lXUEo4S1ZiT0EzOW1IaDZRRk9Qem15UjlzPQ==|mmencode -u
> >>{SMD5}WiWPJ8KVbOA39mHh6QFOPzmyR9s=
> >>[root@fra10000144 pam_ldap-156]# 
> >>---snipp---
> >>
> >>You see, it's hashed with SMD5, which is not what I want.
> >>(What I really want is to know how I can configure it,
> >>so the hash I want is used ..)
> >>
> >>So, here's what's in my pam_ldap.conf 
> >>(which is the file that configures pam_ldap.so) :
> >>
> >>---snipp---
> > 
> > 
> 
> 

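
Added example, not part of the original message and not OpenLDAP or pam_ldap code: a Python sketch for checking which scheme a stored userPassword value really uses, and for verifying a password against the hashed schemes listed in the manpage excerpt. The function names are hypothetical; PAGE_VALUE is the base64 string quoted in the thread, and the salted layout assumed is digest followed by salt.

```python
import base64
import hashlib
import hmac

# scheme -> (hashlib name, salted?). Salted schemes store digest || salt.
SCHEMES = {"MD5": ("md5", False), "SMD5": ("md5", True),
           "SHA": ("sha1", False), "SSHA": ("sha1", True)}

# Base64 userPassword value quoted in the thread (as LDIF output shows it).
PAGE_VALUE = "e1NNRDV9V2lXUEo4S1ZiT0EzOW1IaDZRRk9Qem15UjlzPQ=="

def decode_ldif(b64_value):
    """Undo the LDIF base64 layer, like `mmencode -u` in the thread."""
    return base64.b64decode(b64_value).decode("ascii")

def parse_user_password(value):
    """Return (scheme, digest, salt) for a '{SCHEME}data' string."""
    if not value.startswith("{") or "}" not in value:
        return "CLEARTEXT", value.encode(), b""
    scheme, data = value[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in SCHEMES:  # e.g. {CRYPT}: crypt(3) output, not base64
        return scheme, data.encode(), b""
    algo, salted = SCHEMES[scheme]
    raw = base64.b64decode(data)
    size = hashlib.new(algo).digest_size
    if len(raw) < size or (not salted and len(raw) != size):
        raise ValueError("wrong length for " + scheme)
    return scheme, raw[:size], raw[size:]

def make_user_password(scheme, password, salt=b""):
    """Build a value as the scheme defines it: H(password || salt) || salt."""
    algo, salted = SCHEMES[scheme]
    salt = salt if salted else b""
    digest = hashlib.new(algo, password + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def verify(value, password):
    """Check a candidate password against a stored value (hashed schemes)."""
    scheme, digest, salt = parse_user_password(value)
    if scheme not in SCHEMES:
        raise NotImplementedError(scheme)
    candidate = hashlib.new(SCHEMES[scheme][0], password + salt).digest()
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    stored = decode_ldif(PAGE_VALUE)
    print(stored, parse_user_password(stored)[0])
```

Running the parser over each entry after a password change shows at a glance whether the value was written as {SMD5}, {MD5} or {crypt}, independent of what slapd.conf and pam_ldap.conf are expected to produce.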