[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Read encrypted userPassword from Mysql
I have been struggling with this for days now, trying different setups
to no avail. I have openldap 2.3.40 installed and functioning (at least
enough to read) with a mysql backend that is configured through
unixODBC. I want to map the 'userPassword' attribute to a Mysql view
that will contain the information from our other Mysql databases, such
as username, name_first, password, salt, etc. Now the problem becomes
how to read the encrypted format of our passwords. Our passwords are
stored in Mysql the following way-
/UPDATE user SET salt="'.$salt.'",
password=SHA1(AES_ENCRYPT("'.$string.'","'.$salt.'")) WHERE id='.$this->id
/where salt is generated by-
/$salt = substr(md5(uniqid(rand(), true)), 0, 64);
/Now I know that openldap doesn't support AES_ENCRYPTION, however it
does support SHA. Now, the problem with this setup seems to be that I
can't find a way to un-SHA the passwords, and then have it do an
AES_DECRYPT. So I have been trying to switch the SHA and AES around so
that, when a password is stored it is actually SHA encrypted first, and
then AES_ENCRYPTED over top of that (granted, not quite as secure). I
think that would enable me to use the AES_DECRYPT function in my
'ldap_attr_mappings' table to read the decrypted AES passwords, and then
just check them with SHA. I have been trying to figure out all the
base64 encoding that I have to mess with to read the encrypted formats,
with not much luck. Has anyone done anything similar to this before?
Is there a better way to read our encrypted Mysql passwords? This ldap
is going to be used for VPN authentication, so I'm not concerned with
writing data to it, just need to be able to read a users password. Thanks.