[Date Prev][Date Next] [Chronological] [Thread] [Top]

Password hashing?

To: <openldap-software@OpenLDAP.org>
Subject: Password hashing?
From: <kend@xanoptix.com>
Date: Fri, 23 May 2003 16:36:14 -0400 (EDT)
Importance: Normal

Hi, all.  I'm attempting to whip up a web-based LDAP authentication
front-end for a user-maintenance script, and I can't figure out how to
hash my passwords.  Here's the deal:

When I input a password via an ldif file, I use slappasswd to convert the
plaintext password to a {CRYPT} hash.  (Yeah, yeah, I know crypt sucks;
I'm using it for legacy reasons.)  When I query my database with
ldapsearch, however, I get something completely different.  Lastly, if I
query with gq, I get my original crypt.

Start with plaintext "foobar".
slappasswd -s foobar -c {CRYPT} returns  {CRYPT}{CBoeqknHnBQw
which I then enter via
userPassword: {CRYPT}{CBoeqknHnBQw
in an ldif file.  However, ldapsearch returns (note the double-colon)
userPassword:: e0NSWVBUfXtDQm9lcWtuSG5CUXc=


So, my question is:

1) How, via ldapsearch or Perl, do I pull the original {CRYPT} hash?
2) Failing that, how do I convert the {CRYPT} hash to the spiffy "::"
   format?

Thanks...

Ken D'Ambrosio
Sr. SysAdmin,
Xanoptix, Inc.

Follow-Ups:
- Re: Password hashing?
  - From: Andreas <andreas@conectiva.com.br>

Prev by Date: Re: LDAP Queries
Next by Date: RE: ldap traffic encryption with kerberos
Index(es):
- Chronological
- Thread