[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Newbie MD5 encryption question

Okay... I see in some archives, that you can prefix the password with {md5}...
so I tried that.

It went in okay.. but how do I know it's md5 encrypted or just that the
characters {md5} got scrambed in the search results.

Is there a way to get cleartext passwords out of an ldapsearch?


-----Original Message-----
From: Mitchell, Louise M 
Sent: Thursday, September 13, 2001 11:12 AM
To: openldap-software@OpenLDAP.org
Subject: Newbie MD5 encryption question


Sorry for the newbie question...

My environment:
	OpenLDAP 2.0.12
             Solaris 2.6

I was trying to turn on MD5 encryption, which I assumed would automatically
encrypt the 'userPassword' attribute.

Based on an email from the list, I added the following line to the ldap.conf:

pam_pasword MD5

I didn't see this in the man page for ldap.conf, so I wasn't sure it was the
right thing to do.

I then restarted slapd.

I then added an entry with the same userPassword as an existing entry
  ... and compared them ..

I expected to see the userPassword entry be significantly different, but it
wasn't ( see sample below )...

# 0040400, extern_accts, apps, IOPS
dn: cn=0040400,cn=extern_accts,dc=apps,dc=IOPS
objectClass: person
objectClass: uidobject
objectClass: top
userPassword:: bmV3cGFzcw==
sn: John W. Smith
cn: 0040400
uid: John W. Smith

# 0040499, extern_accts, apps, IOPS
dn: cn=0040499,cn=extern_accts,dc=apps,dc=IOPS
objectClass: person
objectClass: uidobject
objectClass: top
userPassword:: bmV3cGFzcw==
sn: Jane D. Doe
cn: 0040499
uid: Jane D. Doe

I also saw the following snippet in a message... and wondered how they got the
rootpw to be encrypted in slapd.conf.

Snippets from slapd.conf:
# SSL / TLS Support
TLSCertificateFile      /usr/local/etc/openldap/server.pem
TLSCertificateKeyFile   /usr/local/etc/openldap/server.pem
TLSCACertificateFile    /usr/local/etc/openldap/server.pem
database        ldbm
suffix          "o=forcefield"
rootdn          "cn=root,o=forcefield"
rootpw          {MD5}eySvyLyA5UjWbE5/9yFxxQ==
directory       /var/ldap
# cachesize     10000
dbcachesize     2000000

If there are some resources I'm missing, or a good book I should get, please let
me know.

Thanks for the help,
Louise Mitchell