[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8023) slappasswd with sha2 overlay can generate hashes but not salted hashes

Hi,=0A=0AI tried 2.4.39 under FreeBSD and still had the same issue.=0A=0A=
I have also tried the packages for both CentOS 7 and Debian Wheezy, but u=
nfortunately neither of them include the SHA2 overlay by default.=0A=0AFi=
nally, I tried installing zimbra-core and zimbra-ldap under CentOS. When =
I used this installation, it worked successfully.=0A=0AI ran slapd -V on =
the zimbra installation, and it's 2.4.39. However, based on it still not =
working on 2.4.39 on FreeBSD it appears to have narrowed it down to two r=
easons:=0A- An issue with the packaging under FreeBSD=0A- The functionali=
ty is specific to Zimbra=0A=0AThe next step in the process to narrow this=
 down is to do a manual compilation on CentOS, including the SHA2 overlay=
. If this works, then it would confirm it to be a FreeBSD issue, and if i=
t doesn't work that would strongly suggest that Zimbra has modified somet=
hing.=0A=0AThanks for the assistance so far,=0A=0A-Jonathan=0A=0AJanuary =
13 2015 8:00 PM, "Quanah Gibson-Mount" <quanah@zimbra.com> wrote: =0A> --=
On Tuesday, January 13, 2015 7:24 PM +0000 Jonathan Price=0A> <freebsd@jo=
nathanprice.org> wrote:=0A> =0A>> I do apologise for the confusion, I'll =
try to clarify below:=0A>> =0A>> Here is the command you ran successfully=
:=0A>> /opt/zimbra/openldap/sbin/slappasswd -h=0A>> '{SSHA512}' -o module=
-path=3D/opt/zimbra/openldap/sbin/openldap -o=0A>> module-load=3Dpw-sha2 =
-s test=0A>> {SSHA512}TSwAWmK3sv42RbAasugMPR8d7GLozXtKU00v5Jdd4ebmXBsOpt5=
We5HNkXxFfy5=0A>> Ptaoa/KUsmTV5484NA3UmrHrOpyUVnEh9=0A>> =0A>> Here is an=
 example of me running just a plain SHA512=0A>> slappasswd -h '{SHA512}' =
-o module-path=3D/usr/local/libexec/openldap -o=0A>> module-load=3Dpw-sha=
2=0A>> {SHA512}7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvI=
h/1nsUN=0A>> zLDBMxfqa2Ob1f1ACio/w=3D=3D=0A>> =0A>> And here is an exampl=
e of me running a salted SHA512 (SSHA512)=0A>> slappasswd -h '{SSHA512}' =
-o module-path=3D/usr/local/libexec/openldap -o=0A>> module-load=3Dpw-sha=
2 -s test=0A>> Password verification failed.=0A>> =0A>> I hope this helps=
 to clarify.=0A> =0A> Yes, thank you. So I'm using 2.4.39. There were som=
e minor changes to=0A> slapd-sha2 in 2.4.40. I will see if I can reproduc=
e the issue with current=0A> RE24.=0A> =0A> --Quanah=0A> =0A> --=0A> =0A>=
 Quanah Gibson-Mount=0A> Platform Architect=0A> Zimbra, Inc. =0A> _______=
________________________=0A> =0A> Zimbra :: the leader in open source mes=
saging and collaboration