Re: Crypt PWs Stored in LDAP v2 DB

[Terry Davis <tdavis@birddog.com>]

well, I have a process that generates a crypted password from a cgi.

Here are the specs you are interrested in:

$rands = substr(time(),-4);
$salt = ('a'..'z')[int(($rands/100)%26)];
$salt .= ('a'..'z')[int(($rands%100)%26)];
$cryptdpass = crypt($pass,$salt);
$newpass = "{crypt}$cryptdpass";


$pass is the cleartext password.
$newpass is the final password in the form of "{crypt}password"

This is perl.  Hope this helps!
Terry


Bill Gray wrote:

> Terry Davis wrote:
>
> > Are you asking how it comes up with the crypt password?
>
> Yes, thank you. The v1 LDAP DB contained the crypt(3)-ed 
> string as it appeared in the shadow file; the v2 LDAP DB 
> seems to have messed with it somehow.  I'm trying to un-
> derstand why they're different,  and after that,  what
> the correct approach is to storing passwords in v2, since 
> it seems quite different from v1  --where I hadn't given 
> it much thought.
>
> > Bill Gray wrote:
> >
> > > ...
> > > I don't understand the machinations LDAP v2 is going
> > > thru when a user with a userPassword is stored:
> > >
> > >  From the add operation (ldapadd ...)
> > >
> > >      add cn:
> > >              Spam Bait
> > >              Monty Python
> > >      ...
> > >      add userPassword:
> > >              {CRYPT}aWg.nt7m8itGk
> > >
> > >  But then slapcat shows
> > >
> > >      cn: Spam Bait
> > >      cn: Monty Python
> > >      ...
> > >      userPassword:: e0NSWVBUfWFXZy5udDdtOGl0R2s=
> > >
> > > slapd.conf contains
> > >
> > >    password-hash   {CRYPT}
> > >    password-crypt-salt-format  "%.2s"
> > >
> > > ...


--
Terry Davis
Systems Administrator
BirdDog Solutions, Inc.
(402) 829-6059
www.birddog.com