On Thu, 6 Sep 2001, Federico Sevilla III wrote:
> On Thu, 6 Sep 2001 at 02:32, Ian C. Sison wrote:
> > Added lots of nifty stuff like auto-sensing crypt and crypt-md5
> > passwords
>
> How can you tell which portion of the encrypted password is the encrypted
> password? Here's why I ask. The /etc/shadow, when using MD5, will normally
> have between the first and the second colon delimeters something like
> this:
>
> $1$yLW0nUNi$98qwZGOcwYTAyqwRlbj/u0
Algo:
if 1st three letters is $1$, it's a crypt MD5 password. The 'hash' is
from the start of the string to the third '$'. So pass this entire string
to crypt as the hash.
if not, it's a crypt DES password, pass only the first two letters.
> userPassword: {MD5}yLW0nUNi$98qwZGOcwYTAyqwRlbj/u0
>
> But then slappasswd, when creating MD5 passwords, will spew out something
> like this:
>
> {MD5}NBeXPNZ/N7B35WuC8Mwwbw==
Then this is something that just uses plain MD5, which is incompatible
with the algo that crypt uses. You can't transfer between the two, so you
can't migrate the existing crypt-MD5 passwords to your LDAP store.
> I've found a better solution to my primitive crypt script, though. I use
> slappasswd (duh! hahaha!) to create an SSHA encrypted password then plug
> this in. Unfortunately to do this for every user will require them to
> re-encode their passwords and that'll be one hell of a task for us all. :(
>
> So I still need to figure out how to get my MD5 passwords from /etc/shadow
> into ldap.
if there where a way to use your own code (like your own pam module) you
could do the crypt yourself (that what i did), and just use the fields in
your LDAP store as a container.
>
> --> Jijo
>
> --
> Federico Sevilla III :: [EMAIL PROTECTED]
> Network Administrator :: The Leather Collection, Inc.
> GnuPG Key: <http://jijo.leathercollection.ph/jijo.gpg>
>
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
>
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
