From users-return-3594-apmail-directory-users-archive=directory.apache.org@directory.apache.org Fri Oct 08 13:22:55 2010 Return-Path: Delivered-To: apmail-directory-users-archive@www.apache.org Received: (qmail 60649 invoked from network); 8 Oct 2010 13:22:55 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 8 Oct 2010 13:22:55 -0000 Received: (qmail 66769 invoked by uid 500); 8 Oct 2010 13:22:55 -0000 Delivered-To: apmail-directory-users-archive@directory.apache.org Received: (qmail 66689 invoked by uid 500); 8 Oct 2010 13:22:54 -0000 Mailing-List: contact users-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@directory.apache.org Delivered-To: mailing list users@directory.apache.org Received: (qmail 66681 invoked by uid 99); 8 Oct 2010 13:22:54 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Oct 2010 13:22:54 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=RCVD_IN_DNSWL_NONE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of linus@vangeuns.name designates 209.85.216.171 as permitted sender) Received: from [209.85.216.171] (HELO mail-qy0-f171.google.com) (209.85.216.171) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Oct 2010 13:22:47 +0000 Received: by qyk9 with SMTP id 9so2528460qyk.16 for ; Fri, 08 Oct 2010 06:22:26 -0700 (PDT) MIME-Version: 1.0 Received: by 10.229.70.204 with SMTP id e12mr2009813qcj.113.1286544138964; Fri, 08 Oct 2010 06:22:18 -0700 (PDT) Received: by 10.229.232.68 with HTTP; Fri, 8 Oct 2010 06:22:18 -0700 (PDT) X-Originating-IP: [85.115.14.34] In-Reply-To: <4CAF17A9.8090301@infineon.com> References: <4CAE1DDA.30603@mail.nih.gov> <4CAF17A9.8090301@infineon.com> Date: Fri, 8 Oct 2010 15:22:18 +0200 Message-ID: Subject: Re: [ApacheDS] Hash question From: Linus van Geuns To: users@directory.apache.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hey! On Fri, Oct 8, 2010 at 3:07 PM, Martin Schuster (IFKL IT OS DS CD) wrote: > On 10/07/2010 09:22 PM, Jason Russler wrote: >> =C2=A0 Can the (MD5) password hashes from a shadow file be re-encoded to >> something Apache DS can understand >> > re-encoding is not possible, but you can check which algorithm is used > in your shadow-file (e.g. if the passwords there start with $1$ it's > MD5, see crypt(3) for a list), and then check if ApacheDirServer knows > that algorithm. > > Using DirectoryStudio I can see the following hash-algos when setting > a userPassword: SHA, SSHA, MD5, SMD5, CRYPT > (don't know if that list is queried from the server or hardcoded into > DirStudio) > > So if you currently have > $1$PzZV2WYK$Asd3JtTFOwR3JnNTPjxDq/ > in /etc/shadow, you can try > {MD5}PzZV2WYK$Asd3JtTFOwR3JnNTPjxDq/ As your example hash is salted, it should be: {SMD5}PzZV2WYK$Asd3JtTFOwR3JnNTPjxDq/ (AFAIK) Regards, Linus