[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: LDAP with PAM.D mixes {CRYPT} and {MD5}
Hi Jeff,
I think maybe you are wrong now...
CRYPT is the "old" password style of /etc/shadow, is most spread
in the systems and most compatible but not as secure as
MD5 passwords!
So thats why we really want to store MD5 passwords and not crypt
passwords...:-)
Bye,
Matthias
On Mon, 2003-01-27 at 18:40, Jeff Costlow wrote:
> CRYPT and MD5 passwords are completely different. CRYPT is what is stored in /etc/password. MD5 is just an MD5 hash of the password.
> I think you really want CRYPT passwords, not MD5.
>
> http://www.openldap.org/faq/data/cache/419.html
>
>
> -----Original Message-----
> From: Matthias Eichler [mailto:mylists@ame.de]
> Sent: Monday, January 27, 2003 6:43 AM
> To: openldap-software@OpenLDAP.org; pamldap@padl.com
> Subject: LDAP with PAM.D mixes {CRYPT} and {MD5}
>
>
> Hi Folx,
>
> we have some LDAP server with pam_ldap and MD5 passwords
> running, but it seems that wheter LDAP or PAM.D mixes
> MD5 with CRYPT:
>
> A user has a userPassword set to: {MD5}$1$STRINGBLABLA
>
> When I do a passwd over pam.d as this user now, passwd
> stores the new password as a {MD5}-String into the LDAP
> directory, but declares this as {CRYPT}.
> Looks like this:
>
> ---
> userPassword: {crypt}$1$bEHlpx.2$L9WYWbmhStUV9iLQ1tg6m.
> ---
>
> It does not makes sense at all, but it definetely stores
> a MD5-String and declares this as crypt...
>
> Does anybody knows how this can happen and how do we
> get rid of this bug?!?
> - Yes, we have MD5 set in the slapd.conf
> - Yes, we have MD5 set in the pam_ldap.conf
> - Yes, we have MD5 set in the /etc/pam.d/* files
>
> Thank you for your help.
>
> Matthias
--
Matthias Eichler <mylists@ame.de>
AME Aigner Media & Entertainment