
Re: (ITS#8023) slappasswd with sha2 overlay can generate hashes but not salted hashes



Hi,

From the original email:
However, if I replace {SHA512} with {SSHA512} it produces the following 
output:
Password verification failed.

It's interesting to see that it does work under certain conditions then. 
It appears that your OpenLDAP installation is part of a Zimbra 
installation. Does Zimbra make any modifications to OpenLDAP, or is it 
just built on top of it?

Either way, I think I'm going to try it on Debian, just to rule out it 
being a FreeBSD issue, which it quite well could be at this point.

On 2015-01-13 19:01, Quanah Gibson-Mount wrote:
> --On Tuesday, January 13, 2015 6:52 PM +0000 freebsd@jonathanprice.org
> wrote:
>
>> Full_Name: Jonathan Price
>> Version: 2.4.40
>> OS: FreeBSD 10.1
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (80.47.105.54)
>>
>>
>> I have compiled version 2.4.40 with the SHA2 module enabled.
>>
>> I then run the slappasswd with the following arguments:
>> slappasswd -h '{SHA512}' -o module-path=/usr/local/libexec/openldap -o
>> module-load=pw-sha2
>
> You requested a non salted hash -> SHA512
>
> Did you try requesting a salted hash? -> SSHA512
>
> Works fine for me, and I've been using it in production for quite some
> time.
>
> [zimbra@zre-ldap003 ~]$ /opt/zimbra/openldap/sbin/slappasswd -h
> '{SSHA512}' -o module-path=/opt/zimbra/openldap/sbin/openldap -o
> module-load=pw-sha2 -s test
> {SSHA512}TSwAWmK3sv42RbAasugMPR8d7GLozXtKU00v5Jdd4ebmXBsOpt5We5HNkXxFfy5Ptaoa/KUsmTV5484NA3UmrHrOpyUVnEh9
>
>
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Platform Architect
> Zimbra, Inc.
> --------------------
> Zimbra ::  the leader in open source messaging and collaboration
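
An added example, not part of the thread or of OpenLDAP's code: an independent check of a stored `{SHA512}` or `{SSHA512}` value, useful for telling a malformed hash apart from a verification fault in the tool. It assumes the salted layout is base64(SHA-512(password || salt) || salt); the 8-byte salt length used when generating and the function names are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import os

DIGEST_LEN = hashlib.sha512().digest_size  # 64 bytes
SALT_LEN = 8  # assumption: salt length used when generating sample values


def make_ssha512(password, salt=None):
    """Build a {SSHA512} value: base64(SHA-512(password + salt) + salt)."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.sha512(password + salt).digest()
    return "{SSHA512}" + base64.b64encode(digest + salt).decode("ascii")


def check_password(stored, password):
    """Return True if password matches a {SHA512} or {SSHA512} value.

    Raises ValueError when the stored value is structurally wrong, so a
    format problem is not confused with a wrong password.
    """
    scheme, sep, b64 = stored.partition("}")
    if not sep or not scheme.startswith("{"):
        raise ValueError("missing {SCHEME} prefix")
    scheme = scheme[1:].upper()
    # binascii.Error (a ValueError subclass) is raised on invalid base64.
    raw = base64.b64decode(b64, validate=True)
    if scheme == "SHA512":
        if len(raw) != DIGEST_LEN:
            raise ValueError("unsalted value must be exactly the digest")
        salt = b""
    elif scheme == "SSHA512":
        if len(raw) <= DIGEST_LEN:
            raise ValueError("salted value carries no salt bytes")
        salt = raw[DIGEST_LEN:]  # everything after the digest is the salt
    else:
        raise ValueError("unsupported scheme: " + scheme)
    expected = hashlib.sha512(password + salt).digest()
    # Constant-time comparison of the recomputed and stored digests.
    return hmac.compare_digest(expected, raw[:DIGEST_LEN])


if __name__ == "__main__":
    sample = make_ssha512(b"test")  # constructed sample, random salt
    print(sample, check_password(sample, b"test"))
```
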