[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: How to make ldap evaluate clear text password vs DES stored password
On 09/20/18 08:43 +0900, yokoyamy@jacic.or.jp wrote:
LDAP’s userPassowrd stored in the RDB has been already DES hashed by
original app. On the other hand, input password from ldapseach command
line is CREARTEXT.
I’d like to change certification process of LDAP source file to make input
password into DES hashed by using 2 characters of userPassword as its
SALT.
I've already known that 2 characters at the beginning of userPasswordwas
used as its SALT when it was hashed.
So the fact is ,my slapd can read userPassword from the RDB. I think I'll
be able to find out what will be SALT to make input password into DES
hashed text.
If the hashed/encrypted password is supported by your local crypt(3)
library, you can prepend the userPassword value with {CRYPT} as specified
in slapd-config(5) and section 14.4.2 of the Admin Guide.
Else, if you have a pam module which supports authentication of your hash,
take a look at Pass-Through authentication (section 14.5).