[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_bind and crypt

ons, 2002-11-20 kl. 16:03 skrev Alicia Rioperez:

> I'm starting with ldap and I have a lot of doubts these are some of
> them:
> - If I have a ldap server with the user's passwords encrypted with crypt
> and I try to authenticate myself from a client using:
> ldap_simple_bind_s (ld, mydn, my passwd in cleartext)
> Would I be authenticated or I'd need to encrypt my password before
> binding?

You'd be authenticated. The passwords are only stored in crypt, md5
hash, sha1 or whatever. For simple binds, all passwords are
decrypted/sent in cleartext/encrypted for comparison, which is what
makes all non-SSL/SASL traffic so hazardous.

>  In this case, how would I know the salt the ldap server is
> using to encrypt?

See above.

> How can I configure my ldap server to manage the passwords encrypted
> with crypt?

Use any utility, perl or whatever. There are plenty around. Encrypt/hash
the password on the command line or in a shell file, utility or whatever
and give it to ldapmodify as (literally:) {crypt}password string,
{md5}passwordstring etc. The server will do the rest, if it's been
compiled correctly.

If you use Linux, Solaris, BSD get hold of GQ - the latest version. It
will teach you a lot.

> have a nice day

I did, thank you. It's nearly time for bed.




Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl