[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: userPassword?

To: Raul Caballero Ortega <rcortega@di.uc3m.es>
Subject: Re: userPassword?
From: Jan-Piet Mens <jpm@Retail-SC.com>
Date: Mon, 24 Jun 2002 11:01:32 +0200 (CEST)
Cc: Mehdi Jabal Ameli <jabalameli@ce.sharif.edu>, <openldap-software@OpenLDAP.org>
In-reply-to: <3D16C9F5.6020904@di.uc3m.es>

IMHO what you are doing here is not portable. Directory servers such
as OpenLDAP can store userpasswords with different hashes (not just
crypt(3)) and that would break your code!

The only portable method of checking if a password is correct is to
search for the user's entry in the directory, retrieve the DN and then
bind as that DN with the user-supplied password. If the bind is
successful, the password is correct, otherwise it is incorrect.

	-JP

On Mon, 24 Jun 2002, Raul Caballero Ortega wrote:

> Hi:
>
>     Sure, have a look at this:
>
>         #let '$entry' be the result of a ldapsearch (Note you must bind
> as an appropiate user so that you can request such
>         #attribute)
>         #we get the userPassword
>         $pass  = $entry->get_value('userPassword');
>
>         #split the password
>         $pass =~/^{crypt}(.*)/;
>         $trim = $1;
>         #let '$passwd' be the password typed by the user, cypher it
>         $Result = crypt($passwd, $trim);
>         $comparePasswd = "{crypt}".$Result;
>         #real comparison
>         if("$comparePasswd" eq "$pass"){
>             return 1;
>         }
>
> Sorry about my poor english
>
> Good luck
>
> Mehdi Jabal Ameli wrote:
>
> > hi,
> >
> > Can I check user password in Perl script?
> >
> > (dn->userPassword=="mypass")

References:
- Re: userPassword?
  - From: Raul Caballero Ortega <rcortega@di.uc3m.es>

Prev by Date: how do I specify EXTERNAL SASL mech in slurpd?
Next by Date: Private key for slurpd etc.
Index(es):
- Chronological
- Thread