[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: PASSWORDS (2)

To: Shahin <shahin@gateway.ege.edu.tr>, openldap-software@OpenLDAP.org
Subject: Re: PASSWORDS (2)
From: Peter Marschall <peter@adpm.de>
Date: Fri, 30 May 2003 15:51:03 +0200
Content-disposition: inline
In-reply-to: <Pine.LNX.4.44.0305301445220.26696-100000@gateway>
Organization: ADPM
References: <Pine.LNX.4.44.0305301445220.26696-100000@gateway>
User-agent: KMail/1.5.1

Hi,

On Friday 30 May 2003 13:50, Shahin wrote:
> I am sorry for asking this question twice, but I have no choice.
Really ?

> In ldap on my system plain password are used ....
>
> But when I have migrate /etc/passwd (shadow) by migrate_passwd script
> Because the password field of ldif file is encrypted , it is added as
> encrypted.
>
> My question is how can I cange ldap password encryption ?
>
> I have added
> password-hash	{crypt}
> to slapd.conf , but it stil didnt work....
With ldapadd or ldapmodify the userPassword attribute is 
treated like any other attribute. If you want to have it crypted,
you have to encrypt it on the client side.

To do the encryption on the server side you need to set the
password-hash (and related) statements in slapd.conf and
use ldappasswd that uses the LDAPv3 Password Modify (RFC 3062)
extended operation.

If you want to convert the {crypt}ed hashes into plaintext you are out of 
look. The crypt() function is a one-way function: it is easy to crypt() 
something, but it is very hard to get the original string back from the
crypted version.

Peter

-- 
Peter Marschall
eMail: peter@adpm.de

References:
- PASSWORDS (2)
  - From: Shahin <shahin@gateway.ege.edu.tr>

Prev by Date: Re: Dynamic Groups
Next by Date: Re: PASSWORDS (2)
Index(es):
- Chronological
- Thread