Re: Salted passwords, further clarification please

m h wrote:
> I'm trying to write a script to change the rootpw value in slapd.conf.

Why? Parsing slapd.conf yourself is error-prone. If you really need the
rootdn I would disable rootpw in slapd.conf and add a real entry for
rootdn for which you can set the userPassword attribute.

> My question has to do with the random salt.  How do I verify the
> existing password?
> Going through slappasswd doesn't appear to work,
> since it uses a random salt each time.

Yes, slappasswd is for generating, not checking, password values.

> Furthermore, how does the server know what the salt is? 

Since you know how long the particular hash value is, everything else is
the salt.

> (I read through the FAQ on the website and it says the salt is added
> to the password before encryption).

The salt is randomly chosen and hashed (not encrypted) together with the

Anyway I'd recommend not to mess with slapd.conf at all (see above).

Ciao, Michael.
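
An added example, not part of the original message and not OpenLDAP's own code, of the check discussed above: split the decoded value at the known digest length, take the remainder as the salt, and recompute the hash. It assumes the usual {SSHA} layout, base64(SHA1(password + salt) + salt), and generalizes to {SMD5}; the function names and the sample value are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Digest length per scheme; everything after the digest is the salt.
SCHEMES = {"{SSHA}": ("sha1", 20), "{SMD5}": ("md5", 16)}


def split_salted(value):
    """Return (hash_name, digest, salt) for a salted rootpw/userPassword value."""
    for prefix, (name, dlen) in SCHEMES.items():
        if value.upper().startswith(prefix):
            raw = base64.b64decode(value[len(prefix):], validate=True)
            if len(raw) <= dlen:
                raise ValueError("no salt after the digest")
            return name, raw[:dlen], raw[dlen:]
    raise ValueError("unsupported or unsalted scheme")


def verify(password, value):
    """Recompute hash(password + salt) with the stored salt and compare."""
    name, digest, salt = split_salted(value)
    candidate = hashlib.new(name, password.encode("utf-8") + salt).digest()
    # Constant-time comparison of the recomputed and stored digests.
    return hmac.compare_digest(candidate, digest)


def make_ssha(password, salt):
    """Build a {SSHA} value from a caller-supplied salt (hypothetical helper)."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


# Constructed sample: fixed salt so the value is reproducible.
SAMPLE = make_ssha("secret", b"\x01\x02\x03\x04")

if __name__ == "__main__":
    print(SAMPLE)
    print(verify("secret", SAMPLE), verify("wrong", SAMPLE))
```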