directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Linus van Geuns <li...@vangeuns.name>
Subject Re: [ApacheDS] Hash question
Date Fri, 08 Oct 2010 15:28:14 GMT
On Fri, Oct 8, 2010 at 3:43 PM, Jason Russler <jrussler@helix.nih.gov> wrote:
>
>>>
>>> So if you currently have
>>> $1$PzZV2WYK$Asd3JtTFOwR3JnNTPjxDq/
>>> in /etc/shadow, you can try
>>> {MD5}PzZV2WYK$Asd3JtTFOwR3JnNTPjxDq/
>>
>> As your example hash is salted, it should be:
>> {SMD5}PzZV2WYK$Asd3JtTFOwR3JnNTPjxDq/
>
> This isn't going to work.  I think Apache DS uses a different sized salt for
> SMD5 than a typical shadow file - either that or a larger resultant hash
> value.  Ah, well, I suppose I can use the "migrate" feature of the pam_ldap
> module.  Too bad, Apache DS appears to be a lot easier to deal with (in
> every other respect) than the other LDAP systems I've dealt with.  I've very
> new to it....

Im using OpenLDAP (slapd) and they support shadow hashes at least for
MD5,SMD5,SHA1,SSHA1.
You just need to put the correct tag in front of your [salted] hash
value from /etc/shadow before saving it to userPassword attribute.

Regards, Linus

Mime
View raw message