[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Can password-hash be database specific? also, storing and verifying cleartext passwords
Tom Leach <leach@coas.oregonstate.edu> writes:
[...]
> Also, how do I verify that the passwords are stored in cleartext?
> On a test server, I've created just the radius database with a global
> 'password-hash {CLEARTEXT}', I have the following ldif file that I add
> with:
> ldapadd -x -W -v -D 'cn=Manager,o=radius' -f mac.ldif -h ldap_server
>
> Contents of mac.ldif:
> dn:uid=001e68d08ff9,o=radius
> uid: 001e68d08ff9
> cn: 001e68d08ff9
> userPassword: {cleartext}001e68d08ff9
> objectClass: top
> objectClass: radiusProfile
> objectClass: radiusObjectProfile
>
> but when I use ldapsearch or slapcat to dump the database, the
> userPassword line looks to be hashed.
[...]
> userPassword:: e2NsZWFydGV4dH0wMDFlNjhkMDhmZjk=
[...]
This is just the base64 encoding of the plaintext password. You may
decode this by mmencode -u
-Dieter
--
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6