
using {CRYPT} for rootpw, using SHA512?

I've been messing with trying to get SHA512 password hash formats in
openldap 2.4.39 under a 64-bit CentOS 6 distribution, using the LTB RPMs.

I have read the FAQ at http://www.openldap.org/faq/data/cache/1467.html

- The first entry describes a third-party module; I have been
  using that for years on a 32-bit CentOS 5 platform, using the
  vendor-provided openldap-2.3.43 RPMs.

  My efforts to build that module for 2.4.39 seemed to build clean,
  but efforts to bind as a user with a {SHA512} hashed password cause
  slapd to segfault.

  I didn't try very hard to track that down, as there seem to be
  better supported techniques.

- The third entry describes a slapo-pw-sha2 overlay, but no LTB RPM
  provides the overlay.  I tried exactly once to build this overlay,
  but that failed due to a configure failure.  I blame me; I'll
  revisit this when I have the time.

However, I had some luck with the second entry, using {CRYPT}.

Following these instructions, I was able to create users, successfully
bind, and even use ldappasswd to change the passwords:

But, when I generated a hashed password using suggestions like this:


  # python -c 'import crypt; print crypt.crypt("test", "$6$random_salt")'

and tried to embed this rootpw in my config file:

  rootpw {CRYPT}$6$random_salt$BnOQxEG8Gk2rzFYwoWXjr59zLVYzwshvca5oV0PtU8fAfT4a571evgca.E0hLnYNCdfq//zw9YyQN33QtztI10

I would get bind errors.

Have I misunderstood how to use {CRYPT} for storing root's password?

Brian Reichert				<reichert@numachi.com>
BSD admin/developer at large
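
Added example (not part of the original message and not OpenLDAP code): a structural check of a rootpw line like the one quoted above, confirming it is a well-formed {CRYPT} SHA-512 crypt(3) string. parse_rootpw is a hypothetical helper name and BROKEN_LINE is a constructed sample; the check does not test the password itself or whether slapd was built with crypt support.

```python
import re

# SHA-512 crypt(3) layout: $6$[rounds=N$]salt$hash
# salt: 1-16 characters, none of them '$'
# hash: exactly 86 characters from the crypt alphabet ./0-9A-Za-z
_SHA512_CRYPT = re.compile(
    r"^\$6\$(?:rounds=(?P<rounds>\d+)\$)?"
    r"(?P<salt>[^$]{1,16})\$(?P<hash>[./0-9A-Za-z]{86})$"
)
_SCHEME = re.compile(r"^\{(?P<scheme>[A-Za-z0-9-]+)\}(?P<value>.*)$")

# The rootpw line as quoted in the message above.
PAGE_LINE = ("rootpw {CRYPT}$6$random_salt$BnOQxEG8Gk2rzFYwoWXjr59zLVYzwshvca5o"
             "V0PtU8fAfT4a571evgca.E0hLnYNCdfq//zw9YyQN33QtztI10")
# Constructed sample: same value with the hash field cut short.
BROKEN_LINE = "rootpw {CRYPT}$6$random_salt$BnOQxEG8Gk2rzFYwoWXjr59z"


def parse_rootpw(line):
    """Return the fields of a {CRYPT} SHA-512 rootpw directive.

    Raises ValueError naming the first structural problem found.
    """
    parts = line.split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "rootpw":
        raise ValueError("not a rootpw directive")
    scheme = _SCHEME.match(parts[1].strip())
    if not scheme:
        raise ValueError("value has no {SCHEME} prefix")
    if scheme.group("scheme").upper() != "CRYPT":
        raise ValueError("scheme is {%s}, not {CRYPT}" % scheme.group("scheme"))
    fields = _SHA512_CRYPT.match(scheme.group("value"))
    if not fields:
        raise ValueError("value is not a well-formed $6$ crypt string")
    rounds = fields.group("rounds")
    return {
        "rounds": int(rounds) if rounds else None,  # None: no rounds= field
        "salt": fields.group("salt"),
        "hash": fields.group("hash"),
    }


if __name__ == "__main__":
    for sample in (PAGE_LINE, BROKEN_LINE):
        try:
            print("ok:", parse_rootpw(sample))
        except ValueError as err:
            print("rejected:", err)
```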