[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Hashed passwords in userpassword



At 08:22 PM 9/25/99 +0200, Michael Ströder wrote:
>Actually I'm integrating support for setting/modifying encrypted/hashed
>passwords in my WWW-LDAP-gateway.
>
>This works fine with using crypt, e.g.
>
>userpassword: {CRYPT}.5X.al91HG.WI
>
>But what's the scheme for using MD5 or SHA-1 hashed passwords?

The basic scheme is described by RFC2307.  This Netscape technote
provides additional details for SHA and SSHA schemes:

 http://developer.netscape.com:80/docs/technote/ldap/pass_sha.html

(md5 and smd5 are encoded similiarly).

>Is there already support for hashed passwords in OpenLDAP?

Yes.  OpenLDAP 1.2 supports authentication against userPassword
schemes:
  crypt, md5, smd5, sha and sha1.

OpenLDAP 1.2 uses client-side hash generation.  See ldappasswd(1).

Kurt