[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8023) slappasswd with sha2 overlay can generate hashes but not salted hashes

quanah@zimbra.com wrote:
> --On Tuesday, January 13, 2015 7:24 PM +0000 Jonathan Price
> <freebsd@jonathanprice.org> wrote:
>> I do apologise for the confusion, I'll try to clarify below:
>> Here is the command you ran successfully:
>> /opt/zimbra/openldap/sbin/slappasswd -h
>> '{SSHA512}' -o module-path=/opt/zimbra/openldap/sbin/openldap -o
>> module-load=pw-sha2 -s test
>> {SSHA512}TSwAWmK3sv42RbAasugMPR8d7GLozXtKU00v5Jdd4ebmXBsOpt5We5HNkXxFfy5
>> Ptaoa/KUsmTV5484NA3UmrHrOpyUVnEh9
>> Here is an example of me running just a plain SHA512
>> slappasswd -h '{SHA512}' -o module-path=/usr/local/libexec/openldap -o
>> module-load=pw-sha2
>> {SHA512}7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUN
>> zLDBMxfqa2Ob1f1ACio/w==
>> And here is an example of me running a salted SHA512 (SSHA512)
>> slappasswd -h '{SSHA512}' -o module-path=/usr/local/libexec/openldap -o
>> module-load=pw-sha2 -s test
>> Password verification failed.
>> I hope this helps to clarify.
> Yes, thank you.  So I'm using 2.4.39.  There were some minor changes to
> slapd-sha2 in 2.4.40.  I will see if I can reproduce the issue with current
> RE24.

I have a FreeBSD 9 VM here with 2.4.40 installed from ports. Both SHA512 
and SSHA512 work fine on it. Doesn't look to me like there's any 
OpenLDAP bug here, this is one for the FreeBSD folks to sort out.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/