I hope this hasn't been addressed too many times before - I've tried to check
the list archives for answers and didn't find what I'm looking for.
I've got a need to support users with cleartext, crypt and system md5
passwords stored in LDAP (OpenLDAP). Right now I'm doing cleartext (eww)
and crypt by setting LDAP_AUTHBIND to 1 and letting OpenLDAP deal with the
password format. The crypted passwords have {CRYPT} prepended to them and
OpenLDAP is happy with this.
The time has come where I need to support MD5 passwords. These are in the
8 character salted version you might see in /etc/shadow. OpenLDAP supports
salted MD5 password hashes, but only with 2 bytes of salt, as far as I can see.
This would be the {SMD5} format in LDAP. Since I don't have that type of
hash, using ldap binds to authenticate isn't going to work any more.
I've used system type MD5 password hashes with Courier before (notably with
MySQL) by having Courier do the password comparison (LDAP_AUTHBIND 0). The
problem here is then still supporting the cleartext passwords. Currently
all my passwords are accessed by LDAP_CRYPTPW via the userPassword attribute in
LDAP. For Courier to understand the clear passwords, if I understand this
properly, I would need to list them in LDAP_CLEARPW. Can both types be
specified in the same configuration? What happens if either is missing, or
if both exist?
The only solution I see right now is to stick with LDAP_AUTHBIND 0, and take
all my clear passwords and send them through either a system MD5 hash, or
crypt.
Comments and ideas?
--
Joshua Warchol
UNIX Systems Administrator
DSL.net
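
An added example, not part of the original post: before converting everything for LDAP_AUTHBIND 0, a directory export can be sorted by userPassword format to see which accounts still hold cleartext. The function names, labels and sample values below are constructed for illustration; the patterns assume the usual crypt(3) layouts ($1$ plus a salt of up to 8 characters for MD5, 13 characters for traditional crypt).

```python
import re
from collections import defaultdict

C = r"[./0-9A-Za-z]"                                    # crypt(3) hash alphabet
MD5_CRYPT = re.compile(rf"\$1\${C}{{1,8}}\${C}{{22}}")  # $1$<salt, up to 8>$<22 chars>
DES_CRYPT = re.compile(rf"{C}{{13}}")                   # 2-char salt + 11-char hash
SCHEME = re.compile(r"\{([A-Za-z0-9-]+)\}(.*)", re.S)   # {SCHEME}value


def classify(value):
    """Label one userPassword value by its storage format."""
    m = SCHEME.fullmatch(value)
    if m is None:
        # No {SCHEME} prefix. A value shaped like an /etc/shadow MD5 hash is
        # almost certainly a hash stored without its prefix, not a password.
        if MD5_CRYPT.fullmatch(value):
            return "bare-md5-crypt"
        return "cleartext"
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme != "CRYPT":
        return scheme.lower()          # e.g. smd5: hashed by the directory
    if MD5_CRYPT.fullmatch(body):
        return "crypt-md5"
    if DES_CRYPT.fullmatch(body):
        return "crypt-des"
    return "crypt-unknown"             # prefix present, body not recognised


def inventory(entries):
    """Group (uid, userPassword) pairs by format label."""
    groups = defaultdict(list)
    for uid, value in entries:
        groups[classify(value)].append(uid)
    return dict(groups)


# Constructed sample entries; none of these are real credentials.
SAMPLE = [
    ("alice", "hunter2"),
    ("bob", "{CRYPT}ab0123456789."),
    ("carol", "{crypt}$1$saltsalt$0123456789abcdefghijkl"),
    ("dave", "$1$saltsalt$0123456789abcdefghijkl"),
    ("erin", "{SMD5}Y29uc3RydWN0ZWQgZXhhbXBsZQ=="),
]

if __name__ == "__main__":
    for label, uids in sorted(inventory(SAMPLE).items()):
        print(f"{label:15} {len(uids):3}  {', '.join(uids)}")
```

A cleartext password that itself begins with a `{word}` prefix would be mislabelled, so entries reported under an unexpected scheme name deserve a manual look.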