I need help badly: Password Encryption Problem?

Hi Kurt,

I would be grateful to you if you could let me know
what crypt salt to use to make the userPassword crypt
by default, when I add an LDIF entry.

I mean I have OpenLDAP 2.0.19 and qmail-1.03 with
the qmail-ldap patch for LDAP authentication.

When I add an entry in OpenLDAP ( my slapd.conf looks
like --->>
password-has {crypt}
password-crypt-salt-format  "%.8s"


and I try to authenticate using qmail-pop3d, it doesn't
authenticate and gives an authentication error,
WHEREAS if I encrypt using GQ LDAP CLIENT using its
... I get authenticated successfully on qmail-pop3d

Also, if I use GQ LDAP CLIENT to view a user's entry or
I use the qmail-ldaplookup program to look up a user's
entry, I get the user's password in clear text, though
I had specified in the slapd.conf the encryption
scheme and salt.

Whereas if I use GQ LDAP CLIENT to encrypt the
userPassword in crypt scheme, I get the correct
output of the qmail-ldaplookup program showing the user's
password in proper crypt output, and even ldapsearch
gives the proper crypt output of the user.

Please let me know what salt method I should use, or any
other way, so that when I bulk-add users ( in 100,000
!!! ) I get automatically encrypted passwords in
correct form.

I realize GQ uses something like a standard
two-byte salt, using libcrypto (from OpenSSL) to
generate a random byte, and base64-encoding that byte
into two ASCII bytes:

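     /* fill rand with 8 pseudo-random bytes (OpenSSL) */
     RAND_pseudo_bytes(rand, 8);
     /* base64-encode them into salt */
     b64_encode(salt, rand, 8);
     /* keep only the first two characters as the salt */
     salt->str[2] = 0;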

So what should I do to get the same type of encryption
by modifying my slapd.conf or something else to get
the same effect, and hence getting authenticated on
I am really looking forward to your reply, though I know
you might be busy, but I would really appreciate it if
you could help me out and save me!!

Thanks for your help in advance!
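
Added example, not part of the original message and not code from OpenLDAP, GQ or qmail-ldap: a pre-load check that reports, for each entry in an LDIF file, whether userPassword is cleartext or already a {CRYPT} value in the traditional 13-character form (two salt characters plus hash) described above. The function names and the sample entries are assumptions made for illustration.

```python
import base64
import re

# Traditional DES crypt(3) string: 2 salt chars + 11 hash chars from ./0-9A-Za-z
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)

def classify(value):
    """Classify one userPassword value as it would be stored."""
    m = SCHEME.match(value)
    if not m:
        return "cleartext"
    if m.group(1).upper() != "CRYPT":
        return "other-scheme"
    return "crypt-des" if DES_CRYPT.match(m.group(2)) else "crypt-other"

def audit_ldif(text):
    """Return [(dn, classification)] for each userPassword in an LDIF string."""
    results, dn = [], None
    # Unfold continuation lines (newline + one space) before parsing.
    for line in text.replace("\n ", "").splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, raw = line.partition(":")
        if raw.startswith(":"):  # "attr:: value" means base64-encoded
            value = base64.b64decode(raw[1:].strip()).decode("utf-8", "replace")
        else:
            value = raw.strip()
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "userpassword":
            results.append((dn, classify(value)))
    return results

# Constructed sample: DNs, the password and both crypt strings are made up.
SAMPLE = """\
dn: uid=alice,ou=people,dc=example,dc=com
userPassword: secret123

dn: uid=bob,ou=people,dc=example,dc=com
userPassword: {CRYPT}ab0123456789.

dn: uid=carol,ou=people,dc=example,dc=com
userPassword:: e2NyeXB0fXh5QUJDREVGR0hJSks=
"""

if __name__ == "__main__":
    for dn, kind in audit_ldif(SAMPLE):
        print(f"{kind:12} {dn}")
```

Entries reported as cleartext are the ones that would show up unhashed in ldapsearch or qmail-ldaplookup output after loading.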


