[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: {CRYPT} password to {SHA}

To: openldap-technical@OpenLDAP.org
Subject: Re: {CRYPT} password to {SHA}
From: Jeroen van Aart <kroshka@atypon.com>
Date: Thu, 05 Jun 2008 10:55:21 -0700
In-reply-to: <200806050803.56281.bgmilne@staff.telkomsa.net>
References: <d363b8eb0806040600j31ac9698w6b20d10b32a1110@mail.gmail.com> <200806041156.09058.jmedina@e-compugraf.com> <4846D8CF.1000405@atypon.com> <200806050803.56281.bgmilne@staff.telkomsa.net>
User-agent: Icedove 1.5.0.14eol (X11/20080509)

Buchan Milne wrote:

Except by brute-forcing, no.

If you think logically about this, you will realise that this should be impossible.

Yes I pretty much figured both answers, was just making sure I didn't overlook something.

The best option here is to change the default password hashing method (see the 'password-hash' directive for slapd.conf), and force password changes (if done via an LDAP password change extended operation, slapd will take care of hashing the password correctly).

How would I force a password change? Currently authentication through LDAP (using pam) is done mainly for email and ssh to a lesser extent.

Regards,
Jeroen

References:
- How to lock user
  - From: "Gustavo Mendes de Carvalho" <gmcarvalho@gmail.com>
- Re: How to lock user
  - From: Jorge Armando Medina <jmedina@e-compugraf.com>
- {CRYPT} password to {SHA}
  - From: Jeroen van Aart <kroshka@atypon.com>
- Re: {CRYPT} password to {SHA}
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>

Prev by Date: Re: sasl problem with Scientific Linux / RedHat but not with debian?!
Next by Date: Re: {CRYPT} password to {SHA}
Index(es):
- Chronological
- Thread