
Re: using {CRYPT} for rootpw, using SHA512?



On Fri, Aug 15, 2014 at 12:49:03PM +0100, Miroslaw Baran wrote:
> Works quite well with our LDAP boxes.

So, what I see:

This code yields results like:

  {CRYPT}JHGa.sqLNfcew

Which, by eye, looks like output from this:

  # /usr/local/openldap/sbin/slappasswd -h '{CRYPT}' -s TestPass -c "$6$%.12s"
  {CRYPT}$g6KO.N/Fj3GQ

Which does allow my rootdn to bind.

But, what confuses me is that the use of the password overlay as per

  http://www.openldap.org/lists/openldap-technical/201305/msg00002.html

yields this sort of result in an ldapsearch:

  {CRYPT}$6$RKd7QOs4qcMu$0rxaR7Sjcl1Gm1sRU13H3lvha7.FbBXiNYK2hDix6rXekruzuNN7pW/1/9755KmD9NLqYcTFDbxubAvxyX.wg.

So - everything works, but I'm confused visually about the different
formats; the latter, from what I've read, contains info about the hash
format and the salt, but the data I record for rootpw does not.

Why are they different?

> Best regards,
> Miroslaw Baran

-- 
Brian Reichert				<reichert@numachi.com>
BSD admin/developer at large
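
Added example, not part of the original message or of OpenLDAP: a small Python classifier that reads the crypt(3) layout of the three {CRYPT} values quoted above and reports which ones carry an algorithm id and salt field. The names `classify`, `CryptInfo` and `weak_entries`, and the policy that only SHA-256/SHA-512 count as acceptable, are assumptions made for this illustration.

```python
import re
from typing import NamedTuple, Optional

# glibc crypt(3) ids that share the $id$[rounds=N$]salt$hash layout.
MCF_IDS = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}
ACCEPTABLE = {"SHA-256", "SHA-512"}  # assumed policy for this example
MCF_RE = re.compile(
    r"^\$([0-9a-z]+)\$(?:rounds=(\d+)\$)?([^$]{0,16})\$([./0-9A-Za-z]+)$")


class CryptInfo(NamedTuple):
    algorithm: str
    salt: Optional[str]
    rounds: Optional[int]
    acceptable: bool


def classify(value: str) -> CryptInfo:
    """Classify a {CRYPT} userPassword/rootpw value by its crypt(3) layout."""
    if not value.upper().startswith("{CRYPT}"):
        raise ValueError("not a {CRYPT} value")
    body = value[len("{CRYPT}"):]
    m = MCF_RE.match(body)
    if m:
        algo = MCF_IDS.get(m.group(1), "unknown")
        rounds = int(m.group(2)) if m.group(2) else None
        return CryptInfo(algo, m.group(3), rounds, algo in ACCEPTABLE)
    if len(body) == 13:
        # Traditional DES crypt: a 2-character salt followed by 11 hash
        # characters, with no field naming the algorithm.
        return CryptInfo("DES", body[:2], None, False)
    return CryptInfo("unknown", None, None, False)


def weak_entries(values):
    """Return the values whose hash is not SHA-256 or SHA-512 crypt."""
    return [v for v in values if not classify(v).acceptable]


# The three values quoted in the message above.
SAMPLES = [
    "{CRYPT}JHGa.sqLNfcew",
    "{CRYPT}$g6KO.N/Fj3GQ",
    "{CRYPT}$6$RKd7QOs4qcMu$0rxaR7Sjcl1Gm1sRU13H3lvha7.FbBXiNYK2hDix6rXekruzuNN7pW/1/9755KmD9NLqYcTFDbxubAvxyX.wg.",
]

if __name__ == "__main__":
    for v in SAMPLES:
        print(classify(v), v[:24])
```

Inside double quotes a POSIX shell expands `$6` as the sixth positional parameter, so the `-c "$6$%.12s"` argument in the command above reaches slappasswd as `$%.12s` when that parameter is unset; single quotes pass the format through unchanged.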