Hi Ricardo,

the hash type CRYPT-SHA512 would be the right for you. It uses the default 5000 rounds. You can also use the hash type PLAIN to get passwords hashed on server side. Then it will take your OpenLDAP settings.


Best regards

Roland



Am 17.02.22 um 22:46 schrieb Ricardo Barbosa via Lam-public:
Hi all.

I have an openldap server that uses CRYPT and I configured the following 
parameters:

olcPasswordHash: {CRYPT}
olcPasswordCryptSaltFormat: $6$rounds=500000$%.16s

Tried creating the hash via mkpasswd:

- Salt: VyYvUQWwsZ1AsTBm
- Password: 123456
- Rounds: 50000

bash# mkpasswd --rounds 500000 -m sha-512 --salt VyYvUQWwsZ1AsTBm 123456
$6$rounds=500000$VyYvUQWwsZ1AsTBm$zChC.pGJexMUGE4DDIt/0KHBF/GIgUDHBioXUfGk1mv/9NqLtcP1qYDEOJjgukX6sxI7hQLvISF7aZ.wYJaCY0
bash#


However in lam I try to set the hashtype to CRYPT or CRYPT-SHA512 the defined hash does not appear to 
be the same as the string above at least the strings are not 
"$6$rounds=500000$<salt>$<hash>".

An example:

{CRYPT}poXG.vkU7ENC6

When I change the password via ldappasswd it sets the hash similar to the 
output of the mkpasswd command.

Any idea?

best regards.





_______________________________________________
Lam-public mailing list
Lam-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lam-public


_______________________________________________
Lam-public mailing list
Lam-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lam-public

Reply via email to