[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: md5 crypt hashed passwords on linux openldap server
The correct fix is to patch the OpenSSL libcrypto library. This is explained
in the FAQ-o-Matic (and has been for quite a long time):
http://www.openldap.org/faq/index.cgi?file=185
Note that the newest versions of OpenSSL have fixed this problem. (Definitely
the problem is gone in 0.9.8; I believe it is also fixed in 0.9.7 but don't
remember at the moment and am unable to check directly.)
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of charlie derr
> Hi Branko,
>
> This appears to me to be the same issue that I (and quite a
> few others)
> have run across before. The fix was to change the order of
> things in the
> XXLIBS part of the Makefile. On openldap 2.0.xx the way to make this
> work is:
>
> XXLIBS = $(LDBM_LIBS) $(SLAPD_LIBS) \
> $(LUTIL_LIBS) \
> $(SECURITY_LIBS) \
> $(LDIF_LIBS)
>
>
>
> I haven't yet used openldap2.1 though so I can't guarantee it'll work.
>
> good luck,
> ~c
>
>
>
> Branko F. Grac(nar wrote:
>
> >Ho there!
> >
> >I would like to migrate /etc/passwd to openldap server.
> Schema setup is done,
> >users are in ldap directory too. I have problem, if the ldap
> server runs on
> >linux platform, then passwords, migrated from /etc/shadow
> are not recognized
> >(bind fails). If ldap server runs on FreeBSD platform with
> the same schema,
> >then md5 crypt passwords are successfully recognized.
> >
> >both ldap servers were compiled with --enable-crypt, both have
> >password-crypt-salt-format "$1$%.8s$" configuration parameter in
> >slapd.conf.
> >
> >is there any way to use $1$8_char_salt$md5_hashed_pass style
> password
> >authentication on linux platform?
> >
> >I use openldap 2.1.12
> >
> >Best regards, Brane