
Different password styles



Hi,

There's probably no easy way to do this but I thought I would ask.  I have
an LDIF file that I am moving from a Netscape Directory server to an
openLDAP server.  The file contains all the mail users at our school
district.  One nice thing I've discovered is that with some of the users,
I won't even need to tell them to change their passwords and a change of
mail servers will be transparent to them.  So far, I've found three
different forms of encryption - I've been able to test two of them and
they work.

{crypt}<encrypted password> - I entered a password in the userpassword
attribute using the standard UNIX crypt - this worked for myself.

{SHA}<encrypted password> - some of the entries from the Netscape server
are encrypted using this scheme, which OpenLDAP 1.2.1 announced support
for and with which I can also authenticate.

{NS-MTA-MD5}<encrypted password> - I am assuming that this is just a plain
MD5 encryption of their password, with some special Netscape identifiers
attached.  I'm not sure if this works or not - I would assume that MD5
would be supported at some time (if it's not already) in OpenLDAP and it's
trivial to strip out the NS-MTA with perl prior to creating the database
if that causes it to choke.

So my question is this - is there any way to have all my passwords stored
in the same format?  I know I can't simply convert them from one
encryption to another but say I have my users reenter their passwords - if
their original password is stored in {SHA} but I want everything {MD5},
will it store it using the original encryption method or can I define a
default encryption method?  Perhaps a silly question but are there
noticeable differences in encryption speeds when using the different
encryption methods?  In other words, will it take the server a second to
encrypt something with MD5, whereas UNIX crypt might encrypt the same
thing in a millisecond?

Thanks for any input.

Kevin

-- 
     ~        Kevin M. Myer
    . .       Network/System Administrator
    /V\       ELANCO School District
   // \
  /(   )\
   ^`~'^
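
An added example, not part of the original post: before a migration like the one described above, it helps to inventory which userPassword scheme each entry in the LDIF uses, so it is clear which accounts carry over unchanged and which need a password re-entry. The DNs and password values below are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import re
from collections import defaultdict

def sha_value(password):
    """Build a {SHA} userPassword value: base64 of the unsalted SHA-1 digest."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()

# Constructed sample LDIF; every DN and password value here is made up.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,o=example",
    "userpassword: " + sha_value("constructed-pw"),
    "",
    "dn: uid=bob,ou=people,o=example",
    "userpassword:: " + base64.b64encode(b"{crypt}abCONSTRUCTED").decode(),
    "",
    "dn: uid=carol,ou=people,o=example",
    "userpassword: {NS-MTA-MD5}CONSTRUCTEDVALUE",
    "",
    "dn: uid=dave,ou=people,o=example",
    "mail: dave@example.invalid",
])

def inventory_schemes(ldif_text):
    """Return {SCHEME: [dn, ...]} for every userPassword value in the LDIF."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # join LDIF continuation lines
    found = defaultdict(list)
    for entry in re.split(r"\n\s*\n", unfolded):
        dn = None
        for line in entry.splitlines():
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: ..." means a base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            name, value = name.lower(), value.strip()
            if name == "dn":
                dn = value
            elif name == "userpassword":
                m = re.match(r"\{([^}]+)\}", value)
                found[m.group(1).upper() if m else "(no scheme prefix)"].append(dn)
    return dict(found)

def check_sha(stored, candidate):
    """Compare a candidate password with a stored {SHA} value in constant time."""
    if stored[:5].upper() != "{SHA}":
        return False
    return hmac.compare_digest(stored[5:], sha_value(candidate)[5:])
```

Entries without a userPassword attribute (dave in the sample) do not appear in the inventory, which makes them easy to spot by comparing against the full DN list.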