Re: (ITS#4837) SunLDAP to OpenLDAP migration problem



On Feb 8, 2007, at 5:12 PM, rklein@deep-field.com wrote:

> "The passwords from SunONE are stored in SSHA format. This means that
> for each password a salt has been generated. The password + salt is
> encoded using SHA1 algorithm. That encoded string + salt is stored in
> the password field.
>
> Both SunONE and OpenLDAP support SSHA, however, it seems that SunONE
> uses an 8 byte salt and OpenLDAP uses a 4 byte salt.

For hash generation, yes.  But the hash checking code will compute
the salt size on a per check basis.

> So, when OpenLDAP looks at the password strings, it gets the wrong salt,
> and will fail to decode the password."

Conclusion doesn't follow.

Have you actually tested this?  I believe it just works.

-- Kurt
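
The per-check salt handling discussed in this message, as an added example that is not part of the original post and is not OpenLDAP's code: the stored value decodes to a 20-byte SHA-1 digest followed by the salt, so a verifier can take everything after the digest as the salt, whatever its length. The function names and the sample password are hypothetical, and the salts are generated at run time.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = hashlib.sha1().digest_size  # 20 bytes


def make_ssha(password: bytes, salt_len: int) -> str:
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(salt_len)
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(stored: str) -> tuple:
    """Return (digest, salt). The salt is whatever follows the digest."""
    scheme, sep, b64 = stored.partition("}")
    if not sep or scheme.upper() != "{SSHA":
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(b64, validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("value too short to contain a salt")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def check_ssha(stored: str, candidate: bytes) -> bool:
    """Recompute SHA1(candidate + salt) and compare in constant time."""
    digest, salt = split_ssha(stored)
    recomputed = hashlib.sha1(candidate + salt).digest()
    return hmac.compare_digest(digest, recomputed)


if __name__ == "__main__":
    password = b"s3cret"  # constructed sample password
    # 8 bytes is the SunONE salt size from the thread, 4 the OpenLDAP one.
    for salt_len in (8, 4):
        stored = make_ssha(password, salt_len)
        _, salt = split_ssha(stored)
        print(salt_len, len(salt), check_ssha(stored, password),
              check_ssha(stored, b"wrong"))
```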