
Re: ldappasswd returns "Additional info: password hash failed" in Solaris 10 SPARC



Thanks for comment, Pierangelo.

I did further testing and found out the following.

Password change using ldappasswd works if password-hash is set to CLEARTEXT, SHA and MD5. It doesn't work if it is set to SSHA, SMD5 and CRYPT or, in other words, none of the "salted" algorithms.

Interestingly, I took it further and compiled openldap myself and the result is exactly the same. I wonder if that is a problem with some ciphering libraries specific to Solaris.

What is an ITS that you suggest to file and where to file it?

Thanks

/M.

Pierangelo Masarati wrote:
Marius P. wrote:

I am trying to change a password for ldap entry using ldappasswd -vx
-D "cn=root,dc=test,dc=com" -w foobarr
"uid=mariusp,ou=people,dc=test,dc=com" and reply I get is:

Result: Other (e.g., implementation specific) error (80)
Additional info: password hash failed

I am running openldap on Solaris 10 latest on SPARC. It is in testing
meaning there is nothing special about its configuration all defaults.
Database has two entries just to play with.

I haven't bothered to compile it myself so just downloaded openldap
2.4.11 from sunfreeware.com with required prerequisites such as
Berkeley DB, SASL, openssl etc.

Everything works fine except this weird problem which looks like a bug.

Password checking (binding) works fine if I manually change
userPassword: attribute no matter what algorithm prefix I use be it
SSHA, crypt or MD5. That tells me that it can successfully check and
run those algorithms however something breaks when it tries to change
the password like it couldn't hash that supplied password.

Wondering if anyone experienced a similar problem and has any comments
or findings.

As far as I understand, that message could only appear if hashing failed inside the specific hashing mechanism call. Unfortunately, the failure reason depends on what hashing is being used. Can you tell what you set as "password-hash" in slapd.conf(5)? In case, I suggest you file an ITS.


p.


Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------
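
The asymmetry reported in this thread (binds against salted values succeed, but creating a new salted value fails) matches how salted schemes are built: verification reuses the salt stored in the value, while hashing a new password needs fresh random bytes. The following is an added example, not part of the original messages and not OpenLDAP's code; the function names, the 4-byte salt length and the `salt_source` parameter are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # SHA-1 digest size in bytes


def ssha_hash(password: bytes, salt_source=os.urandom, salt_len: int = 4) -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = salt_source(salt_len)  # the only step that needs a random source
    if not salt or len(salt) != salt_len:
        raise RuntimeError("password hash failed: no salt available")
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: bytes, stored: str) -> bool:
    """Check a password against an {SSHA} value; needs no randomness."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    except ValueError:
        return False
    if len(raw) <= SHA1_LEN:
        return False  # digest only, no salt appended
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)


def broken_salt_source(n: int) -> bytes:
    """Constructed stand-in for a random source that yields nothing."""
    return b""


if __name__ == "__main__":
    value = ssha_hash(b"example-password")  # constructed sample password
    print(value, ssha_verify(b"example-password", value))
    try:
        ssha_hash(b"example-password", salt_source=broken_salt_source)
    except RuntimeError as exc:
        # Creating a new value fails, yet the stored one still verifies.
        print(exc, "/ verify:", ssha_verify(b"example-password", value))
```

When a server shows this pattern, the salt or random-number source used at hash time is a reasonable first thing to check, since the unsalted schemes and the verification path never touch it.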