
Re: LDAP Accounts losing passwords



On Wed, Apr 02, 2003 at 11:30:59AM -0800, jamie wrote:

> This account's password is NOT working
...
> userPassword:: e2NyeXB0fXg=

That translates to:
	{crypt}x
which is certainly not valid. {crypt} format passwords are supposed to
be hashed with the standard Unix crypt, so they should be at least 13
characters but you have just 'x'.

Is it possible that you used a passwd-to-ldap translation tool
running on just /etc/passwd data, and not using /etc/shadow (or
whatever shadow file your OS uses)? It is very common for the password
field of /etc/passwd to show just 'x' where there is a shadow file in
use.

> This account's password IS working
...
> userPassword:: e2NyeXB0fSQxJDMyOTYxMjkzJFQ4ZmpIOTJJWVdPRWJFeW5XbkNxWS4=

That translates to:
	{crypt}$1$32961293$T8fjH92IYWOEbEynWnCqY.

which looks like an MD5-style hashed password as used by Linux and
other newer Unices.


Incidentally, the trick for viewing LDIF items containing '::' is to
use a perl script like the one appended.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

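#!/usr/bin/perl -w
#
# decode-base64
#
# Reads base64 strings, one per line, from stdin or from the files named
# on the command line, and prints each decoded value on its own line.

use strict;
use MIME::Base64;

while (<>) {
	chomp;
	# decode_base64 returns the raw decoded bytes of the input line
	my ($res) = decode_base64($_);
	print $res;
	print "\n";
}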
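
The check described in the message, as an added example in Python that is not part of the original post or of the appended script: it decodes each `userPassword::` value in an LDIF export and flags `{crypt}` values that cannot be a hash. The DNs, the function names and the placeholder list are assumptions made for the example; only the two base64 values come from the thread.

```python
import base64
import re
# Constructed sample: the DNs are invented; the two userPassword values are
# the ones quoted in the thread (the second is folded to exercise unfolding).
SAMPLE_LDIF = """\
dn: uid=broken,ou=People,dc=example,dc=com
userPassword:: e2NyeXB0fXg=

dn: uid=working,ou=People,dc=example,dc=com
userPassword:: e2NyeXB0fSQxJDMyOTYxMjkzJFQ4ZmpIOTJJ
 WVdPRWJFeW5XbkNxWS4=
"""
HASH_CHARS = "[./0-9A-Za-z]"
PLACEHOLDERS = {"", "x", "*", "!", "!!"}  # assumed list of non-hash passwd fields

def user_passwords(ldif):
    """Yield (dn, decoded userPassword) pairs from an LDIF string."""
    dn = None
    for line in re.sub(r"\r?\n ", "", ldif).splitlines():  # unfold continuations
        attr, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if value.startswith(":"):  # 'attr:: value' carries base64
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "userpassword":
            yield dn, value

def classify(stored):
    """Return (status, reason) for one decoded userPassword value."""
    m = re.fullmatch(r"\{crypt\}(.*)", stored, re.IGNORECASE | re.DOTALL)
    if not m:
        return "skipped", "not a {crypt} value"
    body = m.group(1)
    if body in PLACEHOLDERS:
        return "invalid", "placeholder, not a hash"
    if re.fullmatch(r"\$1\$[^$]{0,8}\$" + HASH_CHARS + "{22}", body):
        return "ok", "MD5-style crypt"
    if re.fullmatch(HASH_CHARS + "{13}", body):
        return "ok", "traditional 13-character crypt"
    if len(body) < 13:
        return "invalid", "shorter than a 13-character crypt hash"
    return "unknown", "scheme not recognised by this example"

def audit(ldif):
    return [(dn, *classify(pw)) for dn, pw in user_passwords(ldif)]
```

Calling `audit(SAMPLE_LDIF)` returns one `(dn, status, reason)` tuple per `userPassword` attribute; run over a full export, the `invalid` rows are the accounts to re-import from the shadow data.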