[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: password hashes and simple binds

To: Dieter Klünter <dieter@dkluenter.de>, Michael Ströder <michael@stroeder.com>
Subject: Re: password hashes and simple binds
From: Howard Chu <hyc@symas.com>
Date: Sat, 23 Nov 2013 11:56:46 -0800
Cc: OpenLDAP <openldap-technical@openldap.org>
In-reply-to: <20131123195702.6632f458@rubin.avci.de>
References: <20131123092815.73068050@rubin.avci.de> <52909E98.6020302@stroeder.com> <20131123195702.6632f458@rubin.avci.de>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0 SeaMonkey/2.24a1

Dieter Klünter wrote:

Am Sat, 23 Nov 2013 13:24:56 +0100
schrieb Michael Ströder <michael@stroeder.com>:

Dieter Klünter wrote:

Hi,
I have a ldap server (2.4.36) with various password hashes
{CLEARTEXT} {KERBEROS} {SSHA} for different users, there is no
pasword-hash declaration in slapd.conf. Now i face a strange
behaviour with {CLEARTEXT} hash. that is:
userPassword: {CLEARTEXT} secret

                           ^^^
I'd try to remove this extra space. Not sure though.


Just to demonstrate the various hash scheme {CLEARTEXT} results:
  http://pastebin.de/37485

-Dieter

CLEARTEXT is not an actual hash scheme. It's only handled by the SASL code.For Simple Binds, a cleartext password must not have any scheme specifier at all.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- password hashes and simple binds
  - From: Dieter Klünter <dieter@dkluenter.de>
- Re: password hashes and simple binds
  - From: Michael Ströder <michael@stroeder.com>
- Re: password hashes and simple binds
  - From: Dieter Klünter <dieter@dkluenter.de>

Prev by Date: Re: password hashes and simple binds
Next by Date: Re: password hashes and simple binds
Index(es):
- Chronological
- Thread