
Re: Salted passwords, further clarification please



m h wrote:
> 
> I'm trying to write a script to change the rootpw value in slapd.conf.

Why? Parsing slapd.conf yourself is error-prone. If you really need the
rootdn, I would disable rootpw in slapd.conf and add a real entry for
rootdn for which you can set the userPassword attribute.

> My question has to do with the random salt. How do I verify the
> existing password? Going through slappasswd doesn't appear to work,
> since it uses a random salt each time.

Yes, slappasswd is for generating, not checking, password values.

> Furthermore, how does the server know what the salt is? 

Since you know how long the particular hash value is, everything else is
the salt.

> (I read through the FAQ on the website and it says the salt is added
> to the password before encryption).

The salt is randomly chosen and hashed (not encrypted) together with the
password.

Anyway I'd recommend not to mess with slapd.conf at all (see above).

Ciao, Michael.
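
The check described in the reply above, as an added example that is not part of the original message or of OpenLDAP's code: the stored value is split at the known digest length, the remainder is taken as the salt, and the candidate password is re-hashed with it. It assumes the value uses OpenLDAP's {SSHA} or {SMD5} scheme (base64 of digest followed by salt); the function names and the 4-byte salt in make_ssha are choices made for this example.

```python
import base64
import hashlib
import hmac
import os

# Digest length in bytes for each salted scheme; whatever follows is the salt.
SCHEMES = {"{SSHA}": ("sha1", 20), "{SMD5}": ("md5", 16)}


def split_salted(stored):
    """Return (algorithm, digest, salt) parsed from a '{SCHEME}base64' value."""
    for prefix, (algo, dlen) in SCHEMES.items():
        if stored[:len(prefix)].upper() == prefix:
            raw = base64.b64decode(stored[len(prefix):], validate=True)
            if len(raw) <= dlen:
                raise ValueError("value too short to contain a salt")
            return algo, raw[:dlen], raw[dlen:]
    raise ValueError("not a salted {SSHA}/{SMD5} value")


def check_password(stored, candidate):
    """Recompute hash(candidate + salt) and compare in constant time."""
    algo, digest, salt = split_salted(stored)
    computed = hashlib.new(algo, candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(computed, digest)


def make_ssha(password, salt=None):
    """Build a {SSHA} value the way a generator does: fresh random salt per call."""
    salt = os.urandom(4) if salt is None else salt  # salt size is an assumption
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


if __name__ == "__main__":
    # Constructed sample values, not taken from any real slapd.conf.
    a = make_ssha("secret")
    b = make_ssha("secret")
    print(a)
    print(b)  # differs from a, which is why regenerating and comparing fails
    print(check_password(a, "secret"), check_password(b, "secret"))
    print(check_password(a, "wrong"))
```
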