Re: [389-users] find the password encryption hash from the command line?

Najmuddin Sun, 12 Jan 2014 06:02:41 -0800

The global/default password hashing algorithm is stored in
passwordStorageScheme (cn=congi),


# ldapsearch -x -D cn=directory\ manager -w xxxx -LLL  -b "cn=config" -s
base passwordStorageScheme
dn: cn=config
passwordStorageScheme: SSHA

To find the hashing algorithm used on an existing user entry:

# ldapsearch -LLL -x -D cn=Directory\ Manager -w xxxx  -b <base_dn>
uid=luser1  userPassword

dn: uid=luser1,dc=example,dc=com
userPassword::
e1NTSEF9czNPcjAyWWhYV3laSXJCUk9tSnhYU2RnbmJyc1hFTU9BaDFxT3c9PQ==

ldapsearch encodes 'userPassword' attribute by default, decode it and check
the {first portion} to get the algorithm used.

# echo
e1NTSEF9czNPcjAyWWhYV3laSXJCUk9tSnhYU2RnbmJyc1hFTU9BaDFxT3c9PQ==|base64 -d

{SSHA}s3Or02YhXWyZIrBROmJxXSdgnbrsXEMOAh1qOw==
^^^^^




On Sat, Jan 11, 2014 at 5:47 PM, Elizabeth Jones <[email protected]> wrote:

> Is there an ldap command that I can use to determine what encryption is
> being used for the passwords in my 389 DS?
>
> Elizabeth J
>
> --
> 389 users mailing list
> [email protected]
> https://admin.fedoraproject.org/mailman/listinfo/389-users




-- 
Cheers
Najmuddin

--
389 users mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/389-users

Re: [389-users] find the password encryption hash from the command line?

Reply via email to