[Date Prev][Date Next]
Re: (ITS#4837) SunLDAP to OpenLDAP migration problem
On Feb 8, 2007, at 5:12 PM, firstname.lastname@example.org wrote:
> "The passwords from SunONE are stored in SSHA format. This means that
> for each password a salt has been generated. The password + salt is
> SHA1 algorithm. That encoded string + salt is stored in the
> password field.
> Both SunONE and OpenLDAP support SSHA, however, it seems that SunONE
> uses an 8 byte salt and OpenLDAP uses a 4 byte salt.
For hash generation, yes. But the hash checking code will compute
the salt size on a per check basis.
> So, when OpenLDAP looks at the password strings, it gets the wrong
> and will fail to decode the password."
Conclusion doesn't follow.
Have you actually tested this? I believe it just works.