[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Crypt problem

To: M.vanDorp@wiwo.nl
Subject: Re: Crypt problem
From: M.vanDorp@wiwo.nl
Date: Wed, 5 Jun 2002 19:38:16 +0200 (CEST)
Cc: openldap <openldap-software@OpenLDAP.org>
In-reply-to: <200206040814.KAA00790@speedy.wiwo.nl>

I did the following to verify a crypted password:

first, get the encrypted password from ldap:
($password is password to be compared with LDAP)


$entries=ldap_get_entries($ldap,$result)
$ldappwd=$entries[0]["userPassword"][0];

check if the password is crypted:

if strstr($ldappwd,"{crypt}") {
  //remove {crypt} prefix
  $ldappwd=substr($ldappwd,7);
  // normal crypt use 2digit salt
  $salt=substr($ldappwd,0,2);
  // MD5 crypt starts with $1$, 12 digits long
  strstr($ldappwd,"$1") && $salt=substr($ldappwd,0,12);
  // Blowfish crypt has $2$ as prefix, and 16 digits long
  strstr($ldappwd,"$2$) && $salt=substr($ldappwd,0,16);
  $password=crypt($password,$salt);
}
// Now both passwords are in same format:

if ($ldappwd == $password) {
  // They match!
  // $salt is only set with crypted password
  IsSet($salt) ? $password='{crypt}'.$password
               : $password='{crypt}'.crypt($password);
               
  // This is to make sure the password is stored encrypted
  <code to process $password any further>
}

I did something similar with ntPassword and lmPassword. I used the
external program smbencrypt to provide me with the right values

HTH,

Marcel
-- 
---------------------------------------------------------------
ing. Marcel van Dorp (CCDP, CCNP+security)   http://www.wiwo.nl
WiWo Support                                 tel. 071-523 77 91
Postbus 1098                                 fax  071-523 77 94
2340 BB Oegstgeest                           gsm  0653-50 77 76
---------------------------------------------------------------

References:
- Re: Crypt problem
  - From: M.vanDorp@wiwo.nl

Prev by Date: RE: Performance with indexes
Next by Date: Re: ADS quick question
Index(es):
- Chronological
- Thread