[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Encrypting password

At 11:39 AM 1/5/00 +0800, syw wrote: 
>I read the man pages of slapd.conf and they recommend encrypting
>the root password with SHA, MD5 or CRYPT instead of cleartext password).
>Question is, where do i get the tools to do this encryption and
>decryption, are they available in Linux?

First, one must be careful when using the term "encrypt".
In the case of userPassword and rootpw, the password value
is not encrypted, it is hashed using one-way algorithm.
The algorithms are special in that they are designed (some
better than others) such that it is computationally
infeasible to determine an input which would generate
the stored hash.  When used in password systems, the
verify "hashes" the user input and compares this with
the stored hash value.  If they are the same, it is assumed
that the user input and the original string which produced
the stored hash are the same and the user is authenticated.

Second, for OpenLDAP-devel, see slapd/tools/slappasswd.
For other versions of OpenLDAP, see htpasswd from Apache,
or various perl (or whatever) scripts, or cut and paste
from your password file, or...