[Date Prev][Date Next]
Re: Salted passwords, further clarification please
m h wrote:
> I'm trying to write a script to change the rootpw value in slapd.conf.
Why? Parsing slapd.conf yourself is error-prone. If you really need the
rootdn I would disable rootpw in slapd.conf and add a real entry for
rootdn for which you can set the userPassword attribute.
> My question has to do with the random salt. How do I verify the
> existing password?
> Going through slappasswd doesn't appear to work,
> since it uses a random salt each time.
Yes, slappasswd is for generating not checking password values.
> Furthermore, how does the server know what the salt is?
Since you know how long the particular hash value is everything else is
> (I read through the FAQ on the website and it says the salt is added
> to the password before encryption).
The salt is randomly chosen and hashed (not encrypted) together with the
Anyway I'd recommend not to mess with slapd.conf at all (see above).