Re: (ITS#8023) slappasswd with sha2 overlay can generate hashes but not salted hashes
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8023) slappasswd with sha2 overlay can generate hashes but not salted hashes
- From: quanah@zimbra.com
- Date: Tue, 13 Jan 2015 19:14:42 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
--On Tuesday, January 13, 2015 7:11 PM +0000 Jonathan Price
<freebsd@jonathanprice.org> wrote:
> Hi,
>
> From the original email:
> However, if I replace {SHA512} with {SSHA512} it produces the following
> output:
> Password verification failed.
You also were not clear *where* you did this replacement. It is certainly
not valid to do this replacement on the generated hash, as the generated
hash was non-salted, and just adding another S in there will not magically
make it salted. It is valid to do this replacement in the slappasswd line
when generating a hash, as per my example, so that a salted hash is
generated.
--Quanah
> It's interesting to see that it does work under certain conditions then.
> It appears that your OpenLDAP installation is part of a Zimbra
> installation. Does Zimbra make any modifications to OpenLDAP, or is it
> just built on top of it?
>
> Either way, I think I'm going to try it on Debian, just to rule out it
> being a FreeBSD issue, which it quite well could be at this point.
>
> On 2015-01-13 19:01, Quanah Gibson-Mount wrote:
>> --On Tuesday, January 13, 2015 6:52 PM +0000 freebsd@jonathanprice.org
>> wrote:
>>
>>> Full_Name: Jonathan Price
>>> Version: 2.4.40
>>> OS: FreeBSD 10.1
>>> URL: ftp://ftp.openldap.org/incoming/
>>> Submission from: (NULL) (80.47.105.54)
>>>
>>>
>>> I have compiled version 2.4.40 with the SHA2 module enabled.
>>>
>>> I then run the slappasswd with the following arguments:
>>> slappasswd -h '{SHA512}' -o module-path=/usr/local/libexec/openldap -o
>>> module-load=pw-sha2
>>
>> You requested a non salted hash -> SHA512
>>
>> Did you try requesting a salted hash? -> SSHA512
>>
>> Works fine for me, and I've been using it in production for quite some
>> time.
>>
>> [zimbra@zre-ldap003 ~]$ /opt/zimbra/openldap/sbin/slappasswd -h
>> '{SSHA512}' -o module-path=/opt/zimbra/openldap/sbin/openldap -o
>> module-load=pw-sha2 -s test
>> {SSHA512}TSwAWmK3sv42RbAasugMPR8d7GLozXtKU00v5Jdd4ebmXBsOpt5We5HNkXxFfy5
>> Ptaoa/KUsmTV5484NA3UmrHrOpyUVnEh9
>>
>>
>>
>> --Quanah
>>
>> --
>>
>> Quanah Gibson-Mount
>> Platform Architect
>> Zimbra, Inc.
>> --------------------
>> Zimbra :: the leader in open source messaging and collaboration
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
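
The difference between the two schemes discussed in this thread, as an added Python example that is not part of the original messages and is not OpenLDAP's code. It assumes the usual layout in which a {SSHA512} value is base64(SHA512(password + salt) + salt); the function names and the rule that a salted value must carry at least one salt byte are assumptions of this sketch.

```python
import base64
import hashlib
import hmac

DIGEST_LEN = hashlib.sha512().digest_size  # 64 bytes

def make_sha512(password: bytes) -> str:
    """Unsalted: base64(SHA512(password))."""
    return "{SHA512}" + base64.b64encode(hashlib.sha512(password).digest()).decode()

def make_ssha512(password: bytes, salt: bytes) -> str:
    """Salted: base64(SHA512(password + salt) + salt); the salt travels with the digest."""
    digest = hashlib.sha512(password + salt).digest()
    return "{SSHA512}" + base64.b64encode(digest + salt).decode()

def split_value(value: str):
    """Return (scheme, decoded bytes) for a '{SCHEME}base64' value."""
    scheme, _, b64 = value.partition("}")
    return scheme + "}", base64.b64decode(b64)

def salt_length(value: str) -> int:
    """Number of bytes stored after the 64-byte digest."""
    return len(split_value(value)[1]) - DIGEST_LEN

def verify(value: str, password: bytes) -> bool:
    scheme, raw = split_value(value)
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    if scheme == "{SHA512}":
        return not salt and hmac.compare_digest(digest, hashlib.sha512(password).digest())
    if scheme == "{SSHA512}":
        # Assumption of this sketch: a value with no salt bytes is rejected as malformed.
        return bool(salt) and hmac.compare_digest(digest, hashlib.sha512(password + salt).digest())
    return False

def relabel(value: str) -> str:
    """The edit discussed in the thread: change only the scheme prefix."""
    return value.replace("{SHA512}", "{SSHA512}", 1)

# Value quoted in the thread (rejoined from its two wrapped lines).
THREAD_VALUE = ("{SSHA512}TSwAWmK3sv42RbAasugMPR8d7GLozXtKU00v5Jdd4ebmXBsOpt5We5HNkXxFfy5"
                "Ptaoa/KUsmTV5484NA3UmrHrOpyUVnEh9")

if __name__ == "__main__":
    plain = make_sha512(b"test")
    salted = make_ssha512(b"test", b"\x01" * 8)  # constructed fixed salt, for repeatability
    print(salt_length(plain), salt_length(relabel(plain)), salt_length(salted))
    print(verify(plain, b"test"), verify(relabel(plain), b"test"), verify(salted, b"test"))
    print(salt_length(THREAD_VALUE))
```

Relabeling leaves the decoded bytes unchanged, so the value still holds only a 64-byte digest with no salt after it, while the value generated with -h '{SSHA512}' in the thread decodes to a digest followed by salt bytes.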