[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Different password styles

To: Kevin Myer <kevin_myer@elanco.k12.pa.us>
Subject: Re: Different password styles
From: Dustin Sallings <dustin@spy.net>
Date: Tue, 11 May 1999 09:54:24 -0700 (PDT)
Cc: openldap-general@OpenLDAP.org
In-reply-to: <Pine.LNX.4.10.9905111116520.18274-100000@marble.elanco.k12.pa.us>

On Tue, 11 May 1999, Kevin Myer wrote:

	ldappasswd has an option to set the hash.  As long as you're
telling it what hash to use, it'll use that hash.

# Hi,
# 
# There's probably no easy way to do this but I thought I would ask.  I have
# an LDIF file that I am moving from a Netscape Directory server to an
# openLDAP server.  The file contains all the mail users at our school
# district.  One nice thing I've discovered is that with some of the users,
# I won't even need to tell them to change their passwords and a change of
# mail servers will be transparent to them.  So far, I've found three
# different forms of encryptions - I've been able to test two of them and
# they work.
# 
# {crypt}<encrypted password> - I entered a password in the userpassword
# attribute using the standard UNIX crypt - this worked for myself.
# 
# {SHA}<encrypted password> - some of the entries from the Netscape server
# are encrypted using this scheme, which OpenLDAP 1.2.1 announced support
# for and with which I can also authenticate with.
# 
# {NS-MTA-MD5}<encypted password> - I am assuming that this is just a plain
# MD5 encryption of their password, with some special Netscape identifiers
# attached.  I'm not sure if this works or not - I would assume that MD5
# would be supported at some time (if its not already) in OpenLDAP and its
# trivial to strip out the NS-MTA with perl prior to creating the database
# if that causes it to choke.
# 
# So my question is this - is there any way to have all my passwords stored
# in the same format?  I know I can't simply convert them from one
# encryption to another but say I have my users reenter their passwords - if
# their original password is stored in {SHA} but I want everything {MD5},
# will it store it using the original encryption method or can I define a
# default encryption method?  Perhaps a silly question but are there
# noticeable differences in encryption speeds when using the different
# encryption methods?  In other words, will it take the server a second to
# encrypt something with MD5, whereas UNIX crypt might encrypt the same
# thing in a millisecond?
# 
# Thanks for any input.
# 
# Kevin
# 
# -- 
#      ~        Kevin M. Myer
#     . .       Network/System Administrator
#     /V\       ELANCO School District
#    // \
#   /(   )\
#    ^`~'^
# 
# 

--
SA, beyond.com           My girlfriend asked me which one I like better.
pub  1024/3CAE01D5 1994/11/03 Dustin Sallings <dustin@spy.net>
|    Key fingerprint =  87 02 57 08 02 D0 DA D6  C8 0F 3E 65 51 98 D8 BE 
L_______________________ I hope the answer won't upset her. ____________

References:
- Different password styles
  - From: "Kevin Myer" <kevin_myer@elanco.k12.pa.us>

Prev by Date: Different password styles
Next by Date: Re: Different password styles
Index(es):
- Chronological
- Thread