Re: How to convert Solaris m5 passwords to LDAP?

[Dan White <dwhite@olp.net>]

On 12/11/10 12:59 +0100, Christian Schmidt wrote:
> I just gave this a try and changed a user's password to "password" which
> resulted in the MD5 hash "$md5$4bNuD9JW$$P/Lr2qkcw9wv1yYNokfQG0".
>
> I created an LDIF file with the following line and imported it into
> the directory:
>
> userPassword: {CRYPT}$md5$4bNuD9JW$$P/Lr2qkcw9wv1yYNokfQG0
>
> The phrase after {CRYPT}) is the hash Solaris put in its /etc/shadow.
>
> After importing this line into the LDAP directory, I could *not* login
> as the corresponding user using the password "password". :-(

> It is not: We're running OpenLDAP on Debian GNU/Linux...

What is doing the authentication? Are you using pam_unix via an ldap nss
module, or maybe pam_ldap?

If pam_unix, see pam_unix/passverify.c in the pam source, which expects an
md5 hash to have the format of:

$1$SALT$HASH

like:

$1$6biGTEUt$FrTcXRocuExNsLZItn06l1

However, you have two dollar signs after your salt, and I don't know that
indicates. I tried playing around with your hash but couldn't get it to
match 'password' on my Debian system.

--
Dan White