[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How can I implement SHA schema??? (ITS#197)

At 01:24 PM 6/9/99 GMT, dtimail@fazenda.sp.gov.br wrote:
>I have a ldif file with encrypted passwords using "secure hash
>algorithm" (sha), and when I create new users, (it`s another ldap
>application, not openldap) the passwords work fine and are entered in
>the database with sha schema. BUT, after installed the openldap, and
>this ldif file imported to it, old users work fine, but new users
>created are included in the database with clear text schema, that is, if
>I get a ldapsearch in the database, the password of the new users are
>showed without any encryptation, so, any people that can read the ldif,
>can get the password of the users.

The OpenLDAP slapd does not encrypt the userPassword attribute
upon modification.

>How can I create new users, encrypting your passwords?

You must do the work on the client side.  This can be done
using scripts, cut and paste from /etc/password (when using
{CRYPT} format, or through other means...

Or ldappasswd...