[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: identifying weak passwords

To: openldap-software@openldap.org
Subject: Re: identifying weak passwords
From: Thierry Lacoste <lacoste@univ-paris12.fr>
Date: Wed, 6 Dec 2006 20:22:51 +0100
Cc: "Cleber P. de Souza" <cleberps@gmail.com>
Content-disposition: inline
In-reply-to: <bd2415a70612060625g24570ab3hd24ef0b25d1907a0@mail.gmail.com>
References: <001a01c717e4$1341a500$0201a8c0@aldebaran> <bd2415a70612060625g24570ab3hd24ef0b25d1907a0@mail.gmail.com>
User-agent: KMail/1.9.4

Thanks you very much.
My passwords are SSHA encoded so I compiled a patched JtR.
Just for the record, I first used ldapsearch to export the
userid:userPassword tuples in a file and was trapped by
the base64 encoding of SSHA passwords.
Using the Net::LDAP perl module to generate this file works great.

Regards,
Thierry.

On Wednesday 06 December 2006 15:25, Cleber P. de Souza wrote:
> Another option is export you ldap user password on the form
> userid:userPassword for a file and use John the Ripper to try crack
> them.
> Weaks passwords are shown on few minutes.
> If your password is on SSHA format, you'll need apply a patch on the JtR.
>
> On 12/4/06, Thierry Lacoste <lacoste@univ-paris12.fr> wrote:
> > I'm running OpenLDAP 2.3.24 on a production server.
> > As I was in a hurry and discovering LDAP when I installed it,
> > I didn't enforce any password policy.
> >
> > Now I would like to identify weak passwords to warn their
> > users. What are my options?
> >
> > Best regards,
> > Thierry.

References:
- identifying weak passwords
  - From: "Thierry Lacoste" <lacoste@univ-paris12.fr>
- Re: identifying weak passwords
  - From: "Cleber P. de Souza" <cleberps@gmail.com>

Prev by Date: Re: schemacheck in slapd.conf
Next by Date: Re: Solaris 10 and openldap - help needed.
Index(es):
- Chronological
- Thread