[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: account migration and not force to change password

To: openldap-software@OpenLDAP.org
Subject: Re: account migration and not force to change password
From: Todd Lyons <tlyons@ivenue.com>
Date: Tue, 1 Feb 2005 18:16:52 -0800
Content-disposition: inline
In-reply-to: <42002FDA.2050906@seed.net.tw>
Organization: Ivenue.com
References: <42002FDA.2050906@seed.net.tw>
User-agent: Mutt/1.5.6i

qwerty wanted us to know:

>Yes, I can run some scripts to do the job.But as far as i know,if I'd
>like to use different password hash(say SSHA,MD5....) rather than
>{CRYPT} on LDAP,I must know the actual password for each account and
>then generate new password into LDAP.The question is I don't know these
>password and it looks as though the system password is one-way hash.

Yes, that's correct.  So you must continue to use {CRYPT} format.  The
cool thing about GNU's support of crypt format is that it supports the
old format (8 characters, 2 character salt) and the new format (31
characters, 8 character salt preceded by $1$, typically what's in
shadow).

>Has anyone had experience of related problem and how?

Yep, and I was forced to use the previous format.
-- 
Regards...		Todd
OS X: We've been fighting the "It's a mac" syndrome with upper management
for  years  now.  Lately  we've  taken  to  just  referring  to  new  mac 
installations  as  "Unix"  installations  when  presenting proposals  and 
updates.  For some reason, they have no problem with that.          -- /.
Linux kernel 2.6.8.1-12mdkenterprise   2 users,  load average: 1.28, 1.22, 1.19

Follow-Ups:
- Re: account migration and not force to change password
  - From: qwerty <qwerty@seed.net.tw>

References:
- account migration and not force to change password
  - From: qwerty <qwerty@seed.net.tw>

Prev by Date: account migration and not force to change password
Next by Date: Migration
Index(es):
- Chronological
- Thread