
Re: SSHA for rootdn issue



Hi,

joerg@schuetter.org writes:

> Hello Peter,
>
> On Sun, 10 Aug 2003 16:53:49 +0200
> Peter Marschall <peter@adpm.de> wrote:
>
>> Hi,
>> 
>> On Friday 08 August 2003 22:42, joerg@schuetter.org wrote:
>
>> > base64 decoded password results in: '{CRYPT}LS..2vtaMyelg', but
>> > crypt.crypt('secret', 'LS') (generate crypt with seed 'LS') results
>> > 'LSgOjE04PUmqs'. Is there a reason for using base64 coded strings?
>> 
>> Although I am not the original poster, I think I can answer your last 
>> question.
>> When doing a ldapsearch, user passwords are returned base 64 encoded.
>> I don't know the exact reason for this behaviour but I assume it's the
>> curly braces that make ldapsearch behave this way.
>
> I sniffed the traffic between OpenLDAP 2.1.22 (Debian sid) and gq (also
> Debian sid). The password is delivered in plain, no encoding.

GQ can only handle simple binds, thus passwords are transported plain,
but it can handle TLS, which would encrypt the whole session.

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de
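
Added example, not part of the original thread: a Python sketch that decodes a base64 `userPassword::` line as ldapsearch prints it, splits off the `{SCHEME}` prefix, and checks a password against an `{SSHA}` value (base64 of a 20-byte SHA-1 digest followed by the salt). The function names, the salt and the sample LDIF line are constructed for illustration; the `{CRYPT}` string is the one quoted in the thread.

```python
import base64
import hashlib
import hmac
import re

# "{SCHEME}rest" as stored in userPassword
SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9-]+)\}(.*)$", re.DOTALL)

def ldif_value(line):
    """Return the raw bytes of one LDIF line: 'attr: text' or 'attr:: base64'."""
    attr, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("not an LDIF attribute line")
    if rest.startswith(":"):          # double colon marks a base64 value
        return base64.b64decode(rest[1:].strip(), validate=True)
    return rest.strip().encode()

def split_scheme(value):
    """Split b'{SSHA}abc' into ('SSHA', b'abc'); (None, value) if no prefix."""
    m = SCHEME_RE.match(value)
    if not m:
        return None, value
    return m.group(1).decode().upper(), m.group(2)

def make_ssha(password, salt):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)

def check_ssha(password, stored):
    """Verify a password against a stored {SSHA} value."""
    scheme, body = split_scheme(stored)
    if scheme != "SSHA":
        return False
    raw = base64.b64decode(body)
    if len(raw) <= 20:                # digest only, no salt: not SSHA
        return False
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password + salt).digest()
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    # Constructed LDIF line carrying the {CRYPT} value quoted in the thread.
    line = "userPassword:: " + base64.b64encode(b"{CRYPT}LS..2vtaMyelg").decode()
    print(split_scheme(ldif_value(line)))
    stored = make_ssha(b"secret", b"salt")   # constructed salt
    print(stored.decode(), check_ssha(b"secret", stored))
```

The base64 layer seen in ldapsearch output is only an encoding of the stored value; it does not protect the password sent in a simple bind, which is why the reply above points to TLS.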