Hi Ricardo,
the hash type CRYPT-SHA512 would be the right for you. It uses the
default 5000 rounds.
You can also use the hash type PLAIN to get passwords hashed on server
side. Then it will take your OpenLDAP settings.
Best regards
Roland
Am 17.02.22 um 22:46 schrieb Ricardo Barbosa via Lam-public:
Hi all.
I have an openldap server that uses CRYPT and I configured the following
parameters:
olcPasswordHash: {CRYPT}
olcPasswordCryptSaltFormat: $6$rounds=500000$%.16s
Tried creating the hash via mkpasswd:
- Salt: VyYvUQWwsZ1AsTBm
- Password: 123456
- Rounds: 50000
bash# mkpasswd --rounds 500000 -m sha-512 --salt VyYvUQWwsZ1AsTBm 123456
$6$rounds=500000$VyYvUQWwsZ1AsTBm$zChC.pGJexMUGE4DDIt/0KHBF/GIgUDHBioXUfGk1mv/9NqLtcP1qYDEOJjgukX6sxI7hQLvISF7aZ.wYJaCY0
bash#
However in lam I try to set the hashtype to CRYPT or CRYPT-SHA512 the defined hash does not appear to
be the same as the string above at least the strings are not
"$6$rounds=500000$<salt>$<hash>".
An example:
{CRYPT}poXG.vkU7ENC6
When I change the password via ldappasswd it sets the hash similar to the
output of the mkpasswd command.
Any idea?
best regards.
_______________________________________________
Lam-public mailing list
Lam-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lam-public
_______________________________________________
Lam-public mailing list
Lam-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lam-public