[Date Prev][Date Next] [Chronological] [Thread] [Top]

what password-crypt-salt-format to choose?

Hi all,

I would be gratefull to you if you could let me know
what crypt salt you use to make the password crypt ..
i mean i have openldap 2.0.18 and qmail-1.03 with
qmail-ldap patch for ldap authentication.

when i add an entry in openldap ( my slapd.conf has
password-has {crypt}
password-crypt-salt-format  "%.8s"


and i try to authenticate using qmail-pop3d it doesn
authenticates and gives authentication error,
WHEREAS if i encrypt using GQ using its CRYPT SCHEME
... i get authenticatred successfully on qmail-pop3d

please let me know what salt method should i use or ay
other way so that when i bulkadd users ( in 100,000
!!! ) i get automatically encrypted passwords in
correct form.

I realize GQ is uses something like a standard
two-byte salt, using libcrypto (from OpenSSL) to
generate a random byte, and base64-encoding that byte
into two ASCII bytes:

     RAND_pseudo_bytes(rand, 8);
     b64_encode(salt, rand, 8);
     salt->str[2] = 0;

So what should i do to get the same type of encryption
by modifying my slapd.conf or something else to get
the same effect. and hence getting authenticated on

Am really looking forward to your reply, though i know
you might be busy, but i would really appreciate if
you could help me out and save me!!

Thanks for your help in advance!


Do You Yahoo!?
Send your FREE holiday greetings online!