[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSHA for rootdn issue



Hi,

On Wednesday 13 August 2003 13:08, Dieter Kluenter wrote:
> joerg@schuetter.org writes:
> > Peter Marschall <peter@adpm.de> wrote:
> >> On Friday 08 August 2003 22:42, joerg@schuetter.org wrote:
> >> > base64 decoded password results in: '{CRYPT}LS..2vtaMyelg', but
> >> > crypt.crypt('secret', 'LS') (generate crypt with seed 'LS') results
> >> > 'LSgOjE04PUmqs'. Is there a reason for using bas64 coded strings?
> >>
> >> Although I am not the original poster, I think I can answer your last
> >> question.
> >> When doing a ldapsearch, user passwords are returned base 64 encoded.
> >> I don't know the exact reason for this behaviour but I assume it's the
> >> curly braces that make ldapsearch behave this way.
> >
> > I sniffed the traffic between OpenLdap 2.1.22 (Debian sid) and gq (also
> > Debian sid). The passwort is delivered in plain, no encoding.
>
> GQ only can handle simple binds, thus passwords are transported plain,
> but it can handle TLS, which would encrypt the whole session.

what has this to do with the original question that the ldapsearch command 
line tool returns some values for user passwords base64-encoded ?

Peter
-- 
Peter Marschall
eMail: peter@adpm.de