From: Linus van Geuns
To: Apache Directory Users
Date: Fri, 8 Oct 2010 17:28:14 +0200
Subject: Re: [ApacheDS] Hash question

On Fri, Oct 8, 2010 at 3:43 PM, Jason Russler wrote:
>
>>>
>>> So if you currently have
>>> $1$PzZV2WYK$Asd3JtTFOwR3JnNTPjxDq/
>>> in /etc/shadow, you can try
>>> {MD5}PzZV2WYK$Asd3JtTFOwR3JnNTPjxDq/
>>
>> As your example hash is salted, it should be:
>> {SMD5}PzZV2WYK$Asd3JtTFOwR3JnNTPjxDq/
>
> This isn't going to work.  I think Apache DS uses a different sized salt for
> SMD5 than a typical shadow file - either that or a larger resultant hash
> value.  Ah, well, I suppose I can use the "migrate" feature of the pam_ldap
> module.  Too bad, Apache DS appears to be a lot easier to deal with (in
> every other respect) than the other LDAP systems I've dealt with.  I'm very
> new to it....

I'm using OpenLDAP (slapd) and they support shadow hashes at least for
MD5, SMD5, SHA1, SSHA1. You just need to put the correct tag in front of
your [salted] hash value from /etc/shadow before saving it to the
userPassword attribute.

Regards,
Linus
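
Added example, not part of the original message and not ApacheDS or OpenLDAP code: a Python illustration of the commonly used LDAP {SMD5} encoding, base64(MD5(password || salt) || salt), set beside the `$1$` shadow field quoted in the thread, which is md5crypt output written in crypt(3)'s own alphabet. The function names and the password and salt used in the checks are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# The shadow field quoted in the thread, used here as sample input.
SHADOW_FIELD = "$1$PzZV2WYK$Asd3JtTFOwR3JnNTPjxDq/"

def parse_shadow_field(field: str) -> dict:
    """Split a modular-crypt string '$id$salt$hash' into its parts."""
    parts = field.split("$")
    if len(parts) != 4 or parts[0] != "":
        raise ValueError("not a $id$salt$hash string")
    return {"id": parts[1], "salt": parts[2], "hash": parts[3]}

def make_smd5(password: bytes, salt: bytes) -> str:
    """Build an {SMD5} value: one MD5 pass, raw salt appended, then base64."""
    digest = hashlib.md5(password + salt).digest()
    return "{SMD5}" + base64.b64encode(digest + salt).decode("ascii")

def parse_smd5(value: str) -> tuple:
    """Return (digest, salt) from an {SMD5} value; the digest is 16 bytes."""
    if not value.startswith("{SMD5}"):
        raise ValueError("missing {SMD5} tag")
    # validate=True rejects characters outside the standard base64 alphabet
    raw = base64.b64decode(value[len("{SMD5}"):], validate=True)
    if len(raw) <= 16:
        raise ValueError("no salt after the 16-byte MD5 digest")
    return raw[:16], raw[16:]

def check_smd5(value: str, password: bytes) -> bool:
    """Verify a password against an {SMD5} value in constant time."""
    digest, salt = parse_smd5(value)
    return hmac.compare_digest(hashlib.md5(password + salt).digest(), digest)

def retagged_is_valid_smd5(field: str) -> bool:
    """Does '{SMD5}' + 'salt$hash' from a shadow field parse as {SMD5}?"""
    p = parse_shadow_field(field)
    try:
        parse_smd5("{SMD5}" + p["salt"] + "$" + p["hash"])
        return True
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

if __name__ == "__main__":
    print(parse_shadow_field(SHADOW_FIELD))
    print(make_smd5(b"secret", b"\x01\x02\x03\x04"))
    print("retagged shadow value parses as {SMD5}:",
          retagged_is_valid_smd5(SHADOW_FIELD))
```

Where a server offers a {CRYPT} scheme that hands the stored string to crypt(3), the complete `$1$...` field, prefix included, is what follows the tag.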