[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Can password-hash be database specific? also, storing and verifying cleartext passwords

To: openldap-technical@openldap.org
Subject: Re: Can password-hash be database specific? also, storing and verifying cleartext passwords
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Thu, 24 Jun 2010 22:27:45 +0200
In-reply-to: <4C20D550.8030503@coas.oregonstate.edu> (Tom Leach's message of "Tue, 22 Jun 2010 08:22:56 -0700")
References: <4C20D550.8030503@coas.oregonstate.edu>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b29 (linux)

Tom Leach <leach@coas.oregonstate.edu> writes:

[...]
> Also, how do I verify that the passwords are stored in cleartext?
> On a test server, I've created just the radius database with a global
> 'password-hash {CLEARTEXT}', I have the following ldif file that I add
> with:
> ldapadd -x -W -v -D 'cn=Manager,o=radius' -f mac.ldif -h ldap_server
>
> Contents of mac.ldif:
>     dn:uid=001e68d08ff9,o=radius
>     uid: 001e68d08ff9
>     cn: 001e68d08ff9
>     userPassword: {cleartext}001e68d08ff9
>     objectClass: top
>     objectClass: radiusProfile
>     objectClass: radiusObjectProfile
>
> but when I use ldapsearch or slapcat to dump the database, the
> userPassword line looks to be hashed.
[...]
>     userPassword:: e2NsZWFydGV4dH0wMDFlNjhkMDhmZjk=
[...]

This is just the base64 encoding of the plaintext password. You may
decode this by mmencode -u

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6

References:
- Can password-hash be database specific? also, storing and verifying cleartext passwords
  - From: Tom Leach <leach@coas.oregonstate.edu>

Prev by Date: Re: ldaprc with ldaps:// and ldap:// fallback
Next by Date: Re: Migration from Novell eDirectory to OpenLDAP
Index(es):
- Chronological
- Thread