[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Crypt PWs Stored in LDAP v2 DB

well, I have a process that generates a crypted password from a cgi.

Here are the specs you are interrested in:

$rands = substr(time(),-4);
$salt = ('a'..'z')[int(($rands/100)%26)];
$salt .= ('a'..'z')[int(($rands%100)%26)];
$cryptdpass = crypt($pass,$salt);
$newpass = "{crypt}$cryptdpass";

$pass is the cleartext password. $newpass is the final password in the form of "{crypt}password"

This is perl.  Hope this helps!

Bill Gray wrote:

Terry Davis wrote:

Are you asking how it comes up with the crypt password?

Yes, thank you. The v1 LDAP DB contained the crypt(3)-ed string as it appeared in the shadow file; the v2 LDAP DB seems to have messed with it somehow. I'm trying to un-
derstand why they're different, and after that, what
the correct approach is to storing passwords in v2, since it seems quite different from v1 --where I hadn't given it much thought.

Bill Gray wrote:

I don't understand the machinations LDAP v2 is going
thru when a user with a userPassword is stored:

 From the add operation (ldapadd ...)

     add cn:
             Spam Bait
             Monty Python
     add userPassword:

 But then slapcat shows

     cn: Spam Bait
     cn: Monty Python
     userPassword:: e0NSWVBUfWFXZy5udDdtOGl0R2s=

slapd.conf contains

   password-hash   {CRYPT}
   password-crypt-salt-format  "%.2s"


Terry Davis
Systems Administrator
BirdDog Solutions, Inc.
(402) 829-6059