
RE: LDAP with PAM.D mixes {CRYPT} and {MD5}



Hi Jeff,

I think maybe you are wrong now...
CRYPT is the "old" password style of /etc/shadow, is most spread
in the systems and most compatible but not as secure as
MD5 passwords!
So that's why we really want to store MD5 passwords and not crypt
passwords...:-)

Bye,
Matthias

On Mon, 2003-01-27 at 18:40, Jeff Costlow wrote:
> CRYPT and MD5 passwords are completely different.  CRYPT is what is stored in /etc/password.  MD5 is just an MD5 hash of the password.
> I think you really want CRYPT passwords, not MD5.
> 
> http://www.openldap.org/faq/data/cache/419.html
> 
> 
> -----Original Message-----
> From: Matthias Eichler [mailto:mylists@ame.de]
> Sent: Monday, January 27, 2003 6:43 AM
> To: openldap-software@OpenLDAP.org; pamldap@padl.com
> Subject: LDAP with PAM.D mixes {CRYPT} and {MD5}
> 
> 
> Hi Folx,
> 
> we have some LDAP server with pam_ldap and MD5 passwords
> running, but it seems that whether LDAP or PAM.D mixes
> MD5 with CRYPT:
> 
> A user has a userPassword set to: {MD5}$1$STRINGBLABLA
> 
> When I do a passwd over pam.d as this user now, passwd
> stores the new password as a {MD5}-String into the LDAP
> directory, but declares this as {CRYPT}.
> Looks like this:
> 
> ---
> userPassword: {crypt}$1$bEHlpx.2$L9WYWbmhStUV9iLQ1tg6m.
> ---
> 
> It does not make sense at all, but it definitely stores
> a MD5-String and declares this as crypt...
> 
> Does anybody know how this can happen and how do we
> get rid of this bug?!?
> - Yes, we have MD5 set in the slapd.conf
> - Yes, we have MD5 set in the pam_ldap.conf
> - Yes, we have MD5 set in the /etc/pam.d/* files
> 
> Thank you for your help.
> 
> Matthias
-- 
Matthias Eichler <mylists@ame.de>
AME Aigner Media & Entertainment
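
An added example, not part of the original thread or of OpenLDAP/pam_ldap code: a small classifier that separates the scheme tag of a userPassword value from the format of the stored string, run over the two values quoted above. It assumes OpenLDAP's convention that {MD5} holds the base64 of a raw 16-byte MD5 digest while {CRYPT} values are handed to crypt(3), where a `$1$` prefix selects the MD5-based algorithm; the function names and `CONSTRUCTED_MD5` are hypothetical.

```python
import base64
import binascii
import hashlib
import re

# crypt(3) modular-format ids (the "$id$" prefix) and the algorithm they select
CRYPT_IDS = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
             "5": "sha256-crypt", "6": "sha512-crypt"}
# OpenLDAP digest schemes: raw digest length in bytes, and whether a salt follows
DIGESTS = {"MD5": (16, False), "SHA": (20, False),
           "SMD5": (16, True), "SSHA": (20, True)}
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$")
MODULAR_RE = re.compile(r"^\$([0-9a-z]+)\$")


def crypt_algorithm(value):
    """Name the crypt(3) algorithm implied by the stored string."""
    m = MODULAR_RE.match(value)
    if m:
        return CRYPT_IDS.get(m.group(1), "unknown")
    return "des-crypt" if len(value) == 13 else "unknown"


def classify(user_password):
    """Return (scheme_tag, value_format, tag_matches_value)."""
    m = SCHEME_RE.match(user_password)
    if not m:
        return ("none", "cleartext", True)
    scheme, value = m.group(1).upper(), m.group(2)
    if scheme == "CRYPT":
        algo = crypt_algorithm(value)
        return (scheme, algo, algo != "unknown")
    if MODULAR_RE.match(value):
        # A crypt(3) string filed under a digest tag: tag and value disagree.
        return (scheme, crypt_algorithm(value), False)
    if scheme not in DIGESTS:
        return (scheme, "unknown", False)
    length, salted = DIGESTS[scheme]
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return (scheme, "not-base64", False)
    ok = len(raw) > length if salted else len(raw) == length
    return (scheme, "base64-digest", ok)


# Constructed sample: a value in the base64-digest form assumed for {MD5}.
CONSTRUCTED_MD5 = "{MD5}" + base64.b64encode(hashlib.md5(b"example").digest()).decode()
```

Running `classify` over an LDIF export of userPassword attributes shows which entries carry a tag that does not match the stored format, and which still use an unsalted digest scheme.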