[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: problem with cleartext password setup

To: openldap-software@openldap.org
Subject: Re: problem with cleartext password setup
From: Karsten KÃnne <kuenne@rentec.com>
Date: Tue, 5 Feb 2008 15:12:04 -0500
Cc: Pat Riehecky <prieheck@iwu.edu>
Content-disposition: inline
In-reply-to: <1202238875.1480.251.camel@thales>
Organization: Renaissance Technologies Corp.
References: <1202238875.1480.251.camel@thales>
User-agent: KMail/1.9.6 (enterprise 20071221.751182)

On Tuesday 05 February 2008 14:14:35 Pat Riehecky imposed structure on a
stream of electrons, yielding:
> My reading the archives has lead me to believe that DIGEST-MD5 will
> require me to store passwords in cleartext.  To evaluate the usefulness
> of this at my site (little point in storing them cleartext if nothing
> can use DIGEST-MD5) I have setup a test server, but the password keeps
> getting hashed
>
> I have added password-hash {CLEARTEXT} to my slapd.conf  (which gave me
> password-hash {CLEARTEXT},{SSHA},{SMD5},{CRYPT}).  That didn't do it, so
> I went for just password-hash {CLEARTEXT}.  That also keeps getting my
> passwords hashed.
>
> Strangely they are not prefixed with the {HASHTYPE}.
>
> When I run
> ldappasswd -H ldapi:/// -D "cn=testuser,dc=iwu,dc=edu" -w Please -x -s
> please
>
> In LDAP I get
>
> userPassword:: cGxlYXNl
>

Why do you think it's hashed? :

% echo cGxlYXNl | openssl base64 -d | cat 
please

It's cleartext, just base64 encoded.


Karsten.
-- 
Those who in quarrels interpose, must often wipe a bloody nose.

References:
- problem with cleartext password setup
  - From: Pat Riehecky <prieheck@iwu.edu>

Prev by Date: Re: problem with cleartext password setup
Next by Date: Re: problem with cleartext password setup
Index(es):
- Chronological
- Thread