[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to make ldap evaluate clear text password vs DES stored password

To: openldap-technical@openldap.org
Subject: Re: How to make ldap evaluate clear text password vs DES stored password
From: Dieter Klünter <dieter@dkluenter.de>
Date: Fri, 21 Sep 2018 10:20:58 +0200
In-reply-to: <wu7y3bvppnf.fsf@banyan.cs.ait.ac.th>
Organization: AVCI
References: <20180920134410.sfj4kkn5l2lyib6p@dan.olp.net> <wu7y3bvppnf.fsf@banyan.cs.ait.ac.th>

Am Fri, 21 Sep 2018 09:09:40 +0700
schrieb Olivier <Olivier.Nicole@cs.ait.ac.th>:

> Hi,
> 
> >LDAP’s userPassowrd stored in the RDB has been already DES hashed by
> >original app. On the other hand, input password from ldapseach
> >command line is CREARTEXT.
> >  
> >I’d like to change certification process of LDAP source file to make
> >input password into DES hashed by using 2 characters of userPassword
> >as its SALT.  
> 
> That is how LDAP works if it knows that your passwrd is DES.
> 
> But the encoding for DES by LDAP may be slightly different from the
> encoding for DES by your original app.
> 
> For a DES encrypted password, LDAP expects to see:
> userpassword: {CRYPT}6FgwLHWxQzlgA
> where 6F is the salt (LDAP knows that the 6F is the salt)
> 
> So if your RDB only contains 6FgwLHWxQzlgA, you may have to modify
> that.
[...]
slappasswd(8) provides some information on password hashing and salting.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E

References:
- Re: How to make ldap evaluate clear text password vs DES stored password
  - From: Dan White <dwhite@cafedemocracy.org>
- Re: How to make ldap evaluate clear text password vs DES stored password
  - From: Olivier <Olivier.Nicole@cs.ait.ac.th>

Prev by Date: Re: How to make ldap evaluate clear text password vs DES stored password
Next by Date: Re: How to make ldap evaluate clear text password vs DES stored password
Index(es):
- Chronological
- Thread