[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#8023) slappasswd with sha2 overlay can generate hashes but not salted hashes
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8023) slappasswd with sha2 overlay can generate hashes but not salted hashes
- From: hyc@symas.com
- Date: Thu, 22 Jan 2015 17:09:18 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
quanah@zimbra.com wrote:
> --On Tuesday, January 13, 2015 7:24 PM +0000 Jonathan Price
> <freebsd@jonathanprice.org> wrote:
>
>> I do apologise for the confusion, I'll try to clarify below:
>>
>> Here is the command you ran successfully:
>> /opt/zimbra/openldap/sbin/slappasswd -h
>> '{SSHA512}' -o module-path=/opt/zimbra/openldap/sbin/openldap -o
>> module-load=pw-sha2 -s test
>> {SSHA512}TSwAWmK3sv42RbAasugMPR8d7GLozXtKU00v5Jdd4ebmXBsOpt5We5HNkXxFfy5
>> Ptaoa/KUsmTV5484NA3UmrHrOpyUVnEh9
>>
>> Here is an example of me running just a plain SHA512
>> slappasswd -h '{SHA512}' -o module-path=/usr/local/libexec/openldap -o
>> module-load=pw-sha2
>> {SHA512}7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUN
>> zLDBMxfqa2Ob1f1ACio/w==
>>
>> And here is an example of me running a salted SHA512 (SSHA512)
>> slappasswd -h '{SSHA512}' -o module-path=/usr/local/libexec/openldap -o
>> module-load=pw-sha2 -s test
>> Password verification failed.
>>
>> I hope this helps to clarify.
>
> Yes, thank you. So I'm using 2.4.39. There were some minor changes to
> slapd-sha2 in 2.4.40. I will see if I can reproduce the issue with current
> RE24.
I have a FreeBSD 9 VM here with 2.4.40 installed from ports. Both SHA512
and SSHA512 work fine on it. Doesn't look to me like there's any
OpenLDAP bug here, this is one for the FreeBSD folks to sort out.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/