Re: How to make ldap evaluate clear text password vs DES stored password
- To: Dan White <dwhite@cafedemocracy.org>
- Subject: Re: How to make ldap evaluate clear text password vs DES stored password
- From: Olivier <Olivier.Nicole@cs.ait.ac.th>
- Date: Fri, 21 Sep 2018 09:09:40 +0700
- Cc: openldap-technical@openldap.org, yokoyamy@jacic.or.jp
- In-reply-to: <20180920134410.sfj4kkn5l2lyib6p@dan.olp.net> (message from Dan White on Thu, 20 Sep 2018 08:44:10 -0500)
Hi,
>LDAP’s userPassword stored in the RDB has been already DES hashed by
>original app. On the other hand, input password from ldapsearch command
>line is CLEARTEXT.
>
>I’d like to change certification process of LDAP source file to make input
>password into DES hashed by using 2 characters of userPassword as its
>SALT.
That is how LDAP works if it knows that your password is DES.
But the encoding for DES by LDAP may be slightly different from the
encoding for DES by your original app.
For a DES encrypted password, LDAP expects to see:
userpassword: {CRYPT}6FgwLHWxQzlgA
where 6F is the salt (LDAP knows that the 6F is the salt)
So if your RDB only contains 6FgwLHWxQzlgA, you may have to modify that.
Or I did not understand your question.
Best regards,
Olivier
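
The prefix change described in the reply above, as an added example that is not part of the original message or of OpenLDAP: it checks that each stored value is a 13-character DES crypt string and emits LDIF that stores it as {CRYPT} followed by the hash. The DNs and the (dn, hash) row layout are assumptions; the hash is the sample value from the reply.

```python
import re

# Traditional DES crypt(3) output: 2 salt characters + 11 hash characters,
# all from the alphabet ./0-9A-Za-z.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")
SCHEME = re.compile(r"\{([A-Za-z0-9-]+)\}(.*)", re.DOTALL)


def to_userpassword(stored):
    """Return the {CRYPT} form; ValueError if not a 13-char DES crypt hash."""
    value = stored.strip()
    m = SCHEME.fullmatch(value)
    if m:  # already tagged: accept only CRYPT, in any letter case
        if m.group(1).upper() != "CRYPT":
            raise ValueError("tagged with other scheme " + m.group(1))
        value = m.group(2)
    if not DES_CRYPT.fullmatch(value):
        raise ValueError("not a 13-character DES crypt hash")
    return "{CRYPT}" + value


def salt_of(stored):
    """Return the two-character salt that crypt(3) re-uses for comparison."""
    return to_userpassword(stored)[len("{CRYPT}"):][:2]


def ldif_for(rows):
    """rows: iterable of (dn, stored_hash). Returns (ldif_text, rejected)."""
    records, rejected = [], []
    for dn, stored in rows:  # assumption: DNs are plain ASCII, LDIF-safe
        try:
            pw = to_userpassword(stored)
        except ValueError as exc:
            rejected.append((dn, str(exc)))
            continue
        records.append(f"dn: {dn}\nchangetype: modify\n"
                       f"replace: userPassword\nuserPassword: {pw}\n-\n")
    return "\n".join(records), rejected


# Constructed sample rows: placeholder DNs; the hash is the message's example.
SAMPLE = [
    ("uid=alice,ou=people,dc=example,dc=com", "6FgwLHWxQzlgA"),
    ("uid=bob,ou=people,dc=example,dc=com", "{crypt}6FgwLHWxQzlgA"),
    ("uid=carol,ou=people,dc=example,dc=com", "$1$abcdefgh$notadeshash"),
]

if __name__ == "__main__":
    ldif, rejected = ldif_for(SAMPLE)
    print(ldif, *(f"# skipped {dn}: {why}" for dn, why in rejected), sep="\n")
```

Rows that are not DES crypt strings, such as the constructed `$1$` value, are reported rather than prefixed, so they can be handled separately.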