
Re: Can password-hash be database specific? also, storing and verifying cleartext passwords



Tom Leach <leach@coas.oregonstate.edu> writes:

[...]
> Also, how do I verify that the passwords are stored in cleartext?
> On a test server, I've created just the radius database with a global
> 'password-hash {CLEARTEXT}', I have the following ldif file that I add
> with:
> ldapadd -x -W -v -D 'cn=Manager,o=radius' -f mac.ldif -h ldap_server
>
> Contents of mac.ldif:
>     dn:uid=001e68d08ff9,o=radius
>     uid: 001e68d08ff9
>     cn: 001e68d08ff9
>     userPassword: {cleartext}001e68d08ff9
>     objectClass: top
>     objectClass: radiusProfile
>     objectClass: radiusObjectProfile
>
> but when I use ldapsearch or slapcat to dump the database, the
> userPassword line looks to be hashed.
[...]
>     userPassword:: e2NsZWFydGV4dH0wMDFlNjhkMDhmZjk=
[...]

This is just the base64 encoding of the plaintext password. You may
decode this by mmencode -u

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
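
The check discussed in this thread, as an added example that is not part of either poster's message: a Python audit of slapcat/ldapsearch-style LDIF that unfolds continued lines, decodes `userPassword::` values and reports the `{scheme}` prefix, so base64 transport encoding is not mistaken for hashing. The function names, the `uid=folded` and `uid=hashed` entries and the all-zero `{SSHA}` value are constructed for illustration.

```python
import base64
import re

# Constructed stand-in for a salted-SHA1 value: all-zero digest and salt.
_FAKE_SSHA = b"{SSHA}" + base64.b64encode(bytes(24))
# Constructed sample. The first value is the one quoted in the thread; the
# second is the same value folded across two lines (RFC 2849 continuation).
SAMPLE_LDIF = (
    "dn: uid=001e68d08ff9,o=radius\n"
    "uid: 001e68d08ff9\n"
    "userPassword:: e2NsZWFydGV4dH0wMDFlNjhkMDhmZjk=\n"
    "\n"
    "dn: uid=folded,o=radius\n"
    "userPassword:: e2NsZWFydGV4dH0w\n"
    " MDFlNjhkMDhmZjk=\n"
    "\n"
    "dn: uid=hashed,o=radius\n"
    "userPassword:: " + base64.b64encode(_FAKE_SSHA).decode() + "\n"
)

SCHEME = re.compile(rb"^\{([^}]+)\}")

def audit(ldif):
    """Return [(dn, scheme)] for every userPassword value in the LDIF text."""
    found, dn = [], None
    # Unfold: a line beginning with one space continues the previous line.
    for line in re.sub(r"\r?\n ", "", ldif).splitlines():
        attr, _, rest = line.partition(":")
        name = attr.lower()
        if name not in ("dn", "userpassword"):
            continue  # other attributes, comments and blank lines
        # "attr:: value" is base64, "attr: value" is literal text.
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip().encode()
        if name == "dn":
            dn = value.decode()
        else:
            m = SCHEME.match(value)
            found.append((dn, m.group(1).decode().upper() if m else "NONE"))
    return found

def cleartext_dns(ldif):
    """DNs whose stored value is readable as-is (cleartext or no scheme)."""
    return [dn for dn, s in audit(ldif) if s in ("CLEARTEXT", "NONE")]

if __name__ == "__main__":
    for dn, scheme in audit(SAMPLE_LDIF):
        print(f"{scheme:10} {dn}")
```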