
More on {CRYPT} passwords



I would like to maintain compatibility with my old .htpasswd files and to support some legacy authentication that uses the crypt(3) passwords with MD5 style hashes, i.e.
$1$salt$asdfjklkjfdsa

I've read the code, and it appears to me as if a hack to allow a {CRYPT_MD5} password scheme would work; you would only have to write a new hash routine in liblutil/passwd.c, hash_md5crypt(), that would look almost exactly the same as hash_crypt(), except that it generates a salt that begins with $1$. {CRYPT_MD5} could use the same chk_crypt() function as {CRYPT}.

You could then set the default 
password-hash  {CRYPT_MD5}
in your slapd.conf, and voilà, all your passwords that were changed with extended operations would use the MD5 style crypt algorithm.

I think the hardest part would be coming up with enough information for configure to turn it on, although you could piggyback on top of the code that turns on {CRYPT}, and just assume that if a user puts {CRYPT_MD5} in slapd.conf, they must know what they are doing. In the worst case, they get the exact same behavior as {CRYPT}, and everything still works.

Comments?

(After I wrote this, I realized how easy it was, so I decided to post a patch along with this message. Sorry, the patch is against my local CVS repos, which has 2.0.7, but it should probably take against your version; I've included some patches from code beyond 2.0.7.)

 <<openldap.patch>> 

Attachment: openldap.patch
Description: Binary data
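
An added example, not part of the original message, its patch, or OpenLDAP: a Python re-implementation of the $1$ MD5-crypt format. It goes beyond the post to show the salt setting a {CRYPT_MD5} hash routine would generate and why one check routine can serve both schemes, since the salt used for verification is read back from the stored value. The names new_md5_salt, md5_crypt and check are hypothetical.

```python
import hashlib
import hmac
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = "$1$"  # prefix that selects MD5 in crypt(3)-style hashes

def new_md5_salt() -> str:
    """Salt setting in the '$1$' form the post proposes for {CRYPT_MD5}."""
    return MAGIC + "".join(secrets.choice(ITOA64) for _ in range(8)) + "$"

def md5_crypt(password: str, setting: str) -> str:
    """MD5-crypt; `setting` is '$1$salt$' or a full stored '$1$salt$hash'."""
    if not setting.startswith(MAGIC):
        raise ValueError("not an MD5-style crypt value")
    salt = setting[len(MAGIC):].split("$")[0][:8].encode()
    pw, magic = password.encode(), MAGIC.encode()
    alt = hashlib.md5(pw + salt + pw).digest()
    ctx = hashlib.md5(pw + magic + salt)
    for i in range(len(pw), 0, -16):
        ctx.update(alt[:min(16, i)])
    i = len(pw)
    while i:
        ctx.update(b"\0" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):  # fixed round count of this legacy format
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(salt)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    out = ""
    for a, b, d in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        v = (final[a] << 16) | (final[b] << 8) | final[d]
        for _ in range(4):
            out += ITOA64[v & 0x3F]
            v >>= 6
    out += ITOA64[final[11] & 0x3F] + ITOA64[final[11] >> 6]
    return MAGIC + salt.decode() + "$" + out

def check(password: str, stored: str) -> bool:
    """Verify by re-hashing with the salt embedded in the stored value."""
    try:
        candidate = md5_crypt(password, stored)
    except ValueError:  # not a $1$ value, e.g. a traditional DES crypt hash
        return False
    return hmac.compare_digest(candidate.encode(), stored.encode())
```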