[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Different password styles
Hi,
There's probably no easy way to do this but I thought I would ask. I have
an LDIF file that I am moving from a Netscape Directory server to an
openLDAP server. The file contains all the mail users at our school
district. One nice thing I've discovered is that with some of the users,
I won't even need to tell them to change their passwords and a change of
mail servers will be transparent to them. So far, I've found three
different forms of encryptions - I've been able to test two of them and
they work.
{crypt}<encrypted password> - I entered a password in the userpassword
attribute using the standard UNIX crypt - this worked for myself.
{SHA}<encrypted password> - some of the entries from the Netscape server
are encrypted using this scheme, which OpenLDAP 1.2.1 announced support
for and with which I can also authenticate with.
{NS-MTA-MD5}<encypted password> - I am assuming that this is just a plain
MD5 encryption of their password, with some special Netscape identifiers
attached. I'm not sure if this works or not - I would assume that MD5
would be supported at some time (if its not already) in OpenLDAP and its
trivial to strip out the NS-MTA with perl prior to creating the database
if that causes it to choke.
So my question is this - is there any way to have all my passwords stored
in the same format? I know I can't simply convert them from one
encryption to another but say I have my users reenter their passwords - if
their original password is stored in {SHA} but I want everything {MD5},
will it store it using the original encryption method or can I define a
default encryption method? Perhaps a silly question but are there
noticeable differences in encryption speeds when using the different
encryption methods? In other words, will it take the server a second to
encrypt something with MD5, whereas UNIX crypt might encrypt the same
thing in a millisecond?
Thanks for any input.
Kevin
--
~ Kevin M. Myer
. . Network/System Administrator
/V\ ELANCO School District
// \
/( )\
^`~'^