
{ in cleartext passwords


Over the weekend, I upgraded our 4-server environment from ldbm-backend 
2.0.23 on RedHat 7.1 to bdb-backend 2.2.23 on Debian Sarge. Things went 
quite swimmingly, but I am noticing issues with some of our users that have 
{ as the first character in their password. We store the passwords in 
cleartext in the database, and my workaround has been to convert the 
affected folks' passwords to {CRYPT} hashes, but I think it is only a 
feasible temporary solution, as our password programming application will 
eventually pick an incompatible password.

We have a homebrew application that generates 8-character passwords with 
special characters and posts them to the master in cleartext, then slurpd 
replicates them to the slaves. In the old environment, things were great, 
but now users are not able to authenticate if their password contains a {... 
my guess is because slapd wants to know what type of hash it is stored in. 
The funny thing (ha ha) is that it worked fine in 2.0.23. I don't think 
changing the app is much of an option in the short term, but I want to have 
it tweaked soon.

If it matters, I slapcat'd out the 2.0.23 database, then grep/awk'd it to 
modify the format quite a bit and then toss it into LDIF format, where it 
was added via ldapadd.

Any help is appreciated!
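
An added example, not part of the original post: a scan over slapcat-style LDIF that lists the entries whose userPassword value starts with `{`, separating values whose leading `{...}` token is a listed scheme name from the rest, which are the cleartext passwords the post describes as failing to authenticate. The scheme list, function names and sample entries are assumptions constructed for illustration; only the DN and a status are reported, never the password.

```python
import base64
import re
# Assumption: scheme names your slapd build recognises; adjust as needed.
KNOWN_SCHEMES = {"CRYPT", "MD5", "SMD5", "SHA", "SSHA"}
SCHEME_RE = re.compile(r"^\{([^}]+)\}")
# Constructed sample input (not real accounts or passwords).
SAMPLE_LDIF = """\
dn: uid=alice,dc=example,dc=com
userPassword: {CRYPT}constructedHashValue

dn: uid=bob,dc=example,dc=com
userPassword:: e3g5IWFCI3E=
"""

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def decode(rest):
    """Decode the text after 'attr:'; a second ':' marks a base64 value."""
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return rest.strip()

def classify(value):
    """'ok' if no leading '{', 'hashed' for a listed scheme, else 'ambiguous'."""
    if not value.startswith("{"):
        return "ok"
    m = SCHEME_RE.match(value)
    return "hashed" if m and m.group(1).upper() in KNOWN_SCHEMES else "ambiguous"

def audit(text):
    """Return (dn, status) for each userPassword starting with '{'; never the value."""
    findings, dn = [], None
    for line in unfold(text):
        key, _, rest = line.partition(":")
        if key.lower() == "dn":
            dn = decode(rest)
        elif key.lower() == "userpassword":
            status = classify(decode(rest))
            if status != "ok":
                findings.append((dn, status))
    return findings
```

Calling `audit()` on the text of a slapcat export returns the list of DNs to review; entries marked `ambiguous` are the ones to re-hash or reissue.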