
Re: Can password-hash be database specific? also, storing and verifying cleartext passwords

Tom Leach <leach@coas.oregonstate.edu> writes:

> Also, how do I verify that the passwords are stored in cleartext?
> On a test server, I've created just the radius database with a global
> 'password-hash {CLEARTEXT}', I have the following ldif file that I add
> with:
> ldapadd -x -W -v -D 'cn=Manager,o=radius' -f mac.ldif -h ldap_server
> Contents of mac.ldif:
>     dn:uid=001e68d08ff9,o=radius
>     uid: 001e68d08ff9
>     cn: 001e68d08ff9
>     userPassword: {cleartext}001e68d08ff9
>     objectClass: top
>     objectClass: radiusProfile
>     objectClass: radiusObjectProfile
> but when I use ldapsearch or slapcat to dump the database, the
> userPassword line looks to be hashed.
>     userPassword:: e2NsZWFydGV4dH0wMDFlNjhkMDhmZjk=

This is just the base64 encoding of the plaintext password. You may
decode this by mmencode -u


Dieter Klünter | Systemberatung
sip: +49.40.20932173
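
The check discussed in this thread, as an added example that is not part of the original messages: in LDIF output a double colon (`userPassword::`) only marks the value as base64-encoded, so the stored scheme is visible once the value is decoded. The function name `audit_passwords` and the second sample entry are assumptions made for illustration.

```python
import base64
import re

# Constructed sample in ldapsearch/slapcat output format. The first entry is the
# one from the thread; the second is a made-up {SSHA} value, folded over two lines.
SAMPLE_LDIF = """\
dn: uid=001e68d08ff9,o=radius
uid: 001e68d08ff9
userPassword:: e2NsZWFydGV4dH0wMDFlNjhkMDhmZjk=

dn: uid=example,o=radius
uid: example
userPassword:: e1NTSEF9QUFBQUFBQUFBQUFB
 QUFBQUFBQUFBQUFBQUFBQUFBQUE=
"""

SCHEME = re.compile(r"^\{([^}]+)\}")


def audit_passwords(ldif_text):
    """Return (dn, scheme, decoded value, stored_in_clear) per userPassword."""
    # LDIF folds long lines: a continuation line starts with one space.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    results, dn = [], None
    for line in unfolded.splitlines():
        attr, sep, rest = line.partition(":")
        if not sep:
            continue  # blank line between entries
        # "attr:: value" marks a base64-encoded value, "attr: value" a literal.
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "userpassword":
            m = SCHEME.match(value)
            scheme = m.group(1).upper() if m else None
            # No prefix or {CLEARTEXT} means the value itself is the password.
            in_clear = scheme in (None, "CLEARTEXT")
            results.append((dn, scheme, value, in_clear))
    return results


if __name__ == "__main__":
    for dn, scheme, value, in_clear in audit_passwords(SAMPLE_LDIF):
        print(dn, scheme, "CLEARTEXT" if in_clear else "hashed", value)
```

Run against a real `slapcat` dump, any entry reported as stored in clear exposes its password to anyone who can read the dump or the database files.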