
RE: MD5 Passwords



Just to reply to my own question, the code in slappasswd actually encodes
the binary md5 data.  So if you do this:

echo -n blah | openssl XXX -binary | openssl base64

Where XXX is your digest flavor (i.e. md5, sha, etc.)

You have to make sure echo isn't supplying a newline as well.  Works like a
charm.  If you have a function in your language of choice, which outputs the
binary rather than the hex md5 hash you can simply encode that string.  If
you don't, you have to either use system commands or convert the hex to
binary yourself (using pack in php/perl, etc.)  Perhaps this should be
documented somewhere!?  

Now.. if only PAM supports base64 encoded md5 passwords.... I'll be done!
heh

* Blake

-----Original Message-----
From: Blake Barnett [mailto:Blake.Barnett@DevelopOnline.com]
Sent: Monday, July 02, 2001 10:29 AM
To: 'openldap-software@openldap.org'
Subject: MD5 Passwords


I am having problems binding to LDAP when I have md5 passwords in
userPassword.

For example, I have tried combinations of hashing a password, base64
encoding the password, etc.  like this:

echo blah | openssl md5 | openssl base64
which gives me:
MGQ1OTlmMGVjMDVjM2JkYThjM2I4YTY4YzMyYTFiNDcK

And I store with the {md5} prefix.  I have tried using the {crypt} prefix,
and different combinations of hashing/encoding the password.

Why doesn't this work?  My configuration is as follows:
Debian 2.2r3
OpenLDAP 2.0.11
openssl 0.9.6
libmhash2 is also installed.

Can someone explain to me exactly what OpenLDAP 2+ supports as far as
password encryption is concerned?  I don't see anything in the documentation
and the only results I've found searching are regarding 1.x.  Any help would
be appreciated.

Blake Barnett
Sr. Unix Administrator
DevelopOnline
mailto:blake.barnett@developonline.com
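
The encoding worked out in this thread, as an added Python example (not part of the original messages and not OpenLDAP code): it builds the value from the binary digest, converts an existing hex digest, and checks a stored value for the mistake in the original message. The function names `ldap_hash`, `from_hex_digest` and `diagnose` are hypothetical, and `{SHA}` is assumed to mean SHA-1.

```python
import base64
import binascii
import hashlib

# Raw digest length in bytes and hashlib name for each unsalted scheme.
SCHEMES = {"MD5": (16, "md5"), "SHA": (20, "sha1")}

def ldap_hash(password: bytes, scheme: str = "MD5") -> str:
    """Return {SCHEME} + base64 of the *binary* digest of the password."""
    _, algo = SCHEMES[scheme]
    raw = hashlib.new(algo, password).digest()
    return "{%s}%s" % (scheme, base64.b64encode(raw).decode("ascii"))

def from_hex_digest(hex_digest: str, scheme: str = "MD5") -> str:
    """Convert an existing hex digest: hex -> binary -> base64."""
    size, _ = SCHEMES[scheme]
    raw = bytes.fromhex(hex_digest.strip())
    if len(raw) != size:
        raise ValueError("expected %d digest bytes, got %d" % (size, len(raw)))
    return "{%s}%s" % (scheme, base64.b64encode(raw).decode("ascii"))

def diagnose(value: str) -> str:
    """Classify a stored value as 'ok', 'hex-text' or 'invalid'."""
    if not value.startswith("{") or "}" not in value:
        return "invalid"
    scheme, b64 = value[1:].split("}", 1)
    if scheme.upper() not in SCHEMES:
        return "invalid"
    size, _ = SCHEMES[scheme.upper()]
    try:
        raw = base64.b64decode(b64, validate=True)
    except binascii.Error:
        return "invalid"
    if len(raw) == size:
        return "ok"
    text = raw.strip()
    # base64 of the hex string (plus newline) instead of the raw digest
    if len(text) == 2 * size and all(c in b"0123456789abcdefABCDEF" for c in text):
        return "hex-text"
    return "invalid"

# Constructed sample: the value from the original message with its {md5} prefix.
PAGE_VALUE = "{md5}MGQ1OTlmMGVjMDVjM2JkYThjM2I4YTY4YzMyYTFiNDcK"

if __name__ == "__main__":
    print(diagnose(PAGE_VALUE))
    print(ldap_hash(b"blah"), diagnose(ldap_hash(b"blah")))
```

Unsalted `{MD5}` and `{SHA}` values are cheap to brute-force; OpenLDAP also accepts the salted `{SSHA}` scheme.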