Using slapd 2.5.13+dfsg-1ubuntu1 on ubuntu 22.10:
=================================================

The password hashes are differing between what "slappasswd" and
"openssl dgst" emit:

$ slappasswd -s secret -h '{SHA256}' -o module-path=/usr/lib/ldap -o module-load=pw-sha2
{SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54=

$ echo -n "secret" | openssl dgst -sha256 -binary | openssl enc -base64
K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=

With SHA512 on the other hand, the hash generated by different programs is 
identical:

$ slappasswd -s secret -h '{SHA512}' -o module-path=/usr/lib/ldap -o module-load=pw-sha2
{SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cmW192CF5bDufKRpayrW/isg==

$ echo -n "secret" | openssl dgst -sha512 -binary | openssl enc -base64
vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cm
W192CF5bDufKRpayrW/isg==

On an older box (ubuntu 20.04) with slapd 2.4.49+dfsg-2ubuntu1.9 we're seeing:
==============================================================================

$ slappasswd -s secret -h '{SHA256}' -o module-path=/usr/lib/ldap -o module-load=pw-sha2
{SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
$ echo -n "secret" | openssl dgst -sha256 -binary | openssl enc -base64
K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=


So why is the SHA256 password hash generated by the 2.5.13 slappasswd
command different from the hashes generated by the other programs/versions?

-- 
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk

Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin

Tel. +49 30 450 570 155
[email protected]
https://www.charite.de
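
Added example, not part of the original message: a third reference for the comparison above, recomputing an LDAP {SCHEME} value with Python's hashlib instead of openssl. The name check_userpassword and the constant names are assumptions of this example; it goes slightly beyond the message by also accepting the salted {SSHA*} forms of pw-sha2, which store base64(digest + salt).

```python
import base64
import binascii
import hashlib
import hmac

# Schemes of OpenLDAP's pw-sha2 module mapped to hashlib names.
# Salted "S" variants store base64(digest + salt), digest = H(password + salt).
SCHEMES = {
    "SHA256": "sha256", "SHA384": "sha384", "SHA512": "sha512",
    "SSHA256": "sha256", "SSHA384": "sha384", "SSHA512": "sha512",
}

# Values copied from the message above; all were generated for "secret".
FROM_2_5_13 = "{SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54="
FROM_2_4_49 = "{SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols="
FROM_SHA512 = (
    "{SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cm"
    "W192CF5bDufKRpayrW/isg=="
)


def check_userpassword(stored: str, password: str) -> bool:
    """Recompute a {SCHEME}base64 value with hashlib and compare."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("missing {SCHEME} prefix")
    scheme, b64 = stored[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        raise ValueError(f"unsupported scheme: {scheme}")
    try:
        # Tolerate line-wrapped base64 such as openssl's 64-column output.
        raw = base64.b64decode("".join(b64.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("value is not valid base64") from exc
    h = hashlib.new(SCHEMES[scheme])
    size = h.digest_size
    salted = scheme.startswith("SS")
    # Unsalted values must be exactly one digest long; a wrong length
    # points at a truncated or corrupted attribute rather than a bad password.
    if len(raw) < size or (not salted and len(raw) != size):
        raise ValueError("decoded length does not fit the scheme")
    digest, salt = raw[:size], raw[size:]
    h.update(password.encode("utf-8") + salt)
    return hmac.compare_digest(h.digest(), digest)


if __name__ == "__main__":
    for name in ("FROM_2_5_13", "FROM_2_4_49", "FROM_SHA512"):
        print(name, check_userpassword(globals()[name], "secret"))
```

A False result for a value that slappasswd itself just produced means binds against entries hashed by that build should be checked against a second implementation before the hashes are rolled out.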
