[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Different password styles
On Tue, 11 May 1999, Kevin Myer wrote:
ldappasswd has an option to set the hash. As long as you're
telling it what hash to use, it'll use that hash.
# Hi,
#
# There's probably no easy way to do this but I thought I would ask. I have
# an LDIF file that I am moving from a Netscape Directory server to an
# openLDAP server. The file contains all the mail users at our school
# district. One nice thing I've discovered is that with some of the users,
# I won't even need to tell them to change their passwords and a change of
# mail servers will be transparent to them. So far, I've found three
# different forms of encryptions - I've been able to test two of them and
# they work.
#
# {crypt}<encrypted password> - I entered a password in the userpassword
# attribute using the standard UNIX crypt - this worked for myself.
#
# {SHA}<encrypted password> - some of the entries from the Netscape server
# are encrypted using this scheme, which OpenLDAP 1.2.1 announced support
# for and with which I can also authenticate with.
#
# {NS-MTA-MD5}<encypted password> - I am assuming that this is just a plain
# MD5 encryption of their password, with some special Netscape identifiers
# attached. I'm not sure if this works or not - I would assume that MD5
# would be supported at some time (if its not already) in OpenLDAP and its
# trivial to strip out the NS-MTA with perl prior to creating the database
# if that causes it to choke.
#
# So my question is this - is there any way to have all my passwords stored
# in the same format? I know I can't simply convert them from one
# encryption to another but say I have my users reenter their passwords - if
# their original password is stored in {SHA} but I want everything {MD5},
# will it store it using the original encryption method or can I define a
# default encryption method? Perhaps a silly question but are there
# noticeable differences in encryption speeds when using the different
# encryption methods? In other words, will it take the server a second to
# encrypt something with MD5, whereas UNIX crypt might encrypt the same
# thing in a millisecond?
#
# Thanks for any input.
#
# Kevin
#
# --
# ~ Kevin M. Myer
# . . Network/System Administrator
# /V\ ELANCO School District
# // \
# /( )\
# ^`~'^
#
#
--
SA, beyond.com My girlfriend asked me which one I like better.
pub 1024/3CAE01D5 1994/11/03 Dustin Sallings <dustin@spy.net>
| Key fingerprint = 87 02 57 08 02 D0 DA D6 C8 0F 3E 65 51 98 D8 BE
L_______________________ I hope the answer won't upset her. ____________