[Date Prev][Date Next] [Chronological] [Thread] [Top]

what password-crypt-salt-format to choose?



Hi all,

I would be gratefull to you if you could let me know
what crypt salt you use to make the password crypt ..
i mean i have openldap 2.0.18 and qmail-1.03 with
qmail-ldap patch for ldap authentication.

when i add an entry in openldap ( my slapd.conf has
password-has {crypt}
password-crypt-salt-format  "%.8s"

)

and i try to authenticate using qmail-pop3d it doesn
authenticates and gives authentication error,
WHEREAS if i encrypt using GQ using its CRYPT SCHEME
... i get authenticatred successfully on qmail-pop3d
???

please let me know what salt method should i use or ay
other way so that when i bulkadd users ( in 100,000
!!! ) i get automatically encrypted passwords in
correct form.

I realize GQ is uses something like a standard
two-byte salt, using libcrypto (from OpenSSL) to
generate a random byte, and base64-encoding that byte
into two ASCII bytes:

     RAND_pseudo_bytes(rand, 8);
     b64_encode(salt, rand, 8);
[...]
     salt->str[2] = 0;

So what should i do to get the same type of encryption
by modifying my slapd.conf or something else to get
the same effect. and hence getting authenticated on
qmail-pop3d.

Am really looking forward to your reply, though i know
you might be busy, but i would really appreciate if
you could help me out and save me!!

Thanks for your help in advance!

Regards
Rajat



__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com