[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slappasswd compiles but fails to work without --enable-crypt (ITS#2906)

To: openldap-its@OpenLDAP.org
Subject: Re: slappasswd compiles but fails to work without --enable-crypt (ITS#2906)
From: Kurt@OpenLDAP.org
Date: Fri, 9 Jan 2004 03:31:24 GMT

At 12:13 PM 1/8/2004, cat@reptiles.org wrote:
>On Wed, 7 Jan 2004, Kurt D. Zeilenga wrote:
>> At 01:00 PM 1/7/2004, cat@reptiles.org wrote:
>> >Full_Name: Cat Okita
>> >Version: 2.1.25
>> >OS: RedHat 7.3
>> >URL: ftp://ftp.openldap.org/incoming/
>> >Submission from: (NULL) (64.241.93.62)
>> >
>> >
>> >When openldap is compiled without the --enable-crypt option [and I suspect that
>> >this may also be true for --enable-sasl], slappasswd is compiled and installed,
>> >but does not function correctly [returns an error message].
>>
>> To function "correctly" requires, in many cases, return the
>> return of an error message.  For your report, I cannot tell
>> whether the output is correct for the input (as you provided
>> neither).
>>
>> Please provide a sample of the input and output and detail
>> why you believe the output to be incorrect.
>
>Looking over things today, it appears that the compilation options were a
>red herring [although setting the default to -only- compile plain text
>authentication is a bit strange, IMHO].
>
>I've solved the problem, but also identified some sources for
>correction:
>
>The documentation states that:
>
>        /usr/local/sbin/slappasswd -h {CRYPT}
>        New password:
>        Re-enter new password:
>        Password generation failed.
>
>should function as expected.

That failed because your shell treated, I assume, { and } as being
special.  However, I agree that the error message could be more
descriptive.

>As it turns out, the format should
>actually be:
>
>        /usr/local/sbin/slappasswd -h '{CRYPT}'
>        New password:
>        Re-enter new password:
>        {CRYPT}DMWh.dJyy54xg

Note that would have failed if the single quotes we're special to
your shell.

>I also tried:
>
>        /usr/local/sbin/slappasswd -h CRYPT
>        New password:
>        Re-enter new password:
>        Password generation failed.
>
>just to see.
>
>The output is incorrect IMHO, because it doesn't indicate why the
>password generation failed in enough detail to indicate the source of
>the issue. Similarly, the documenation (via the man page) is actually
>incorrect.

The documentation, though I will add a clarification, is actually quite
correct.  The user must pass, via their shell, {CRYPT}.  If your shell
requires that to be protected somehow, then that's what you need to do.

Prev by Date: RE: slappasswd compiles but fails to work without --enable-crypt (ITS#2906)
Next by Date: Re: slappasswd compiles but fails to work without --enable-crypt (ITS#2906)
Index(es):
- Chronological
- Thread