[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Password consistancy in the LDAP database

I haven't personally tried that but you can use 'cpu'
tool that can be found freshmeat. Its syntax is like
pw command at freebsd with a few exceptions.

--- Terry Davis <tdavis@birddog.com> wrote:
> I wrote my admin tools in perl.  There is an md5
> module for perl for this kinda
> stuff.  There is also 'directory administrator'. 
> Search on freshmeat.net.  It
> supports md5 passwds.  Writing a little cgi for them
> to change their password is
> really easy.  I wrote a library for webmin to
> facilitate managing users and
> groups.  it is a kludge and probably insecure in its
> current state but I am
> pretty bad with programming.  This goes to show that
> there are ways to do what
> you are asking with little skill.  :)
> TO answer your other question about passwd, i do not
> know.  I think that if you
> are using pam, passwd will follow what pam says and
> do the magic for you,
> including md5.
> -- 
> Terry Davis
> Systems Administrator
> BirdDog Solutions, Inc.
> Quoting nate <ldap@aphroland.org>:
>  For those that are using openldap for
> authentication,
>  how do you handle passwords?  e.g. i plan on using
>  MD5 passwords, mainly because traditionally MD5
>  has provided stronger encryption of passwords then
>  crypt (at least for /etc/shadow), but the problem
>  is all of the utils i have found so far (web based
>  mostly) only support the crypt password hash.
>  Another thing i was thinking was just hardcode
>  the password for each user, give them the password,
>  and revoke their rights to write to that field.
>  Does the  'passwd' utility work reliably for
>  changing LDAP passwords(thats one feature i
>  have yet to try). I read a couple places
>  it was not, but i think the sites were
>  referring to a different version of the pam_ldap
>  modules. I plan to use LDAP primarily on solaris
>  and Linux(mostly debian 2.2 and 3.0).
>  thanks to everyone for the help, i got 3 LDAP
>  servers running(2 slave), replicating over
>  SSL(stunnel, less complicated at this
>  point then trying to get them to talk native
>  SSL, and stunnel has been a very reliable
>  program for me so i trust it's reliablity),
>  setup round-robin DNS for the 2 slave
>  LDAP servers, have netscape roaming working
>  (whew).
>  now if only mozilla/netscape6 supported LDAP
>  and/or roaming! i was shocked to see the
>  latest netscape 6 still didn't support LDAP
>  yet.
>  nate

Do You Yahoo!?
Yahoo! Greetings - Send FREE e-cards for every occasion!