
Salted passwords, further clarification please



Hi all.

I'm trying to write a script to change the rootpw value in slapd.conf.
Before allowing the user to change the password, I'm asking that they
first verify the existing password.

My question has to do with the random salt.  How do I verify the
existing password?  Going through slappasswd doesn't appear to work,
since it uses a random salt each time, i.e.:

r52 ~ # slappasswd -s foo
{SSHA}OBe71ShE85Wd8PINTJzunxazszPWpon1
r52 ~ # slappasswd -s foo
{SSHA}OCK0lxJa+pfFqDfE39N3EZ8529IZIMhd

It doesn't appear from the man page for slappasswd that you can
specify the salt.

Furthermore, how does the server know what the salt is?  (I read
through the FAQ on the website and it says the salt is added to the
password before encryption).

A little confused.  Anything enlightening would be wonderful!  Thanks much.

matt
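
Added example, not part of the original post and not OpenLDAP's own code: an {SSHA} value is base64(SHA-1(password + salt) + salt), so the salt travels inside the stored value and a verifier re-hashes the candidate password with that salt instead of generating a new hash. The function names are illustrative, and the 4-byte default salt is an assumption taken from the length of the two values quoted in the post.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # SHA-1 digest size in bytes


def split_ssha(stored):
    """Return (digest, salt) from a '{SSHA}<base64>' rootpw/userPassword value."""
    scheme, sep, b64 = stored.partition("}")
    if not sep or scheme.upper() != "{SSHA":
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(b64, validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("no salt after the SHA-1 digest")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def make_ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt  # assumed default length
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify_ssha(password, stored):
    """Re-hash the candidate with the stored salt; compare in constant time."""
    digest, salt = split_ssha(stored)
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


# The two values quoted in the post; each one carries its own salt.
POSTED = [
    "{SSHA}OBe71ShE85Wd8PINTJzunxazszPWpon1",
    "{SSHA}OCK0lxJa+pfFqDfE39N3EZ8529IZIMhd",
]

if __name__ == "__main__":
    for value in POSTED:
        _, salt = split_ssha(value)
        print(value, "salt:", salt.hex(), "matches 'foo':", verify_ssha("foo", value))
    # Constructed value with a fixed salt, to show the round trip.
    fixed = make_ssha("foo", salt=b"\x01\x02\x03\x04")
    print(fixed, verify_ssha("foo", fixed), verify_ssha("bar", fixed))
```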