Jan-Frode Myklebust wrote: > I have a script that tries to sync a userdatabase with > plaintext username/password in mysql, to a Centos Directory > Server. Currently I've been pushing the passwords into the > directory by first creating the SSHA1 hash in python and > store '{SSHA}' + encode-string in the password field. > > But, it occurred to me that I'm not fully sure what I'm doing > when creating the SSHA1 hash,
If the password is usable afterwards there's nothing wrong with client-side password hashing. The salt should be at least 4 bytes long. > so it would be nice to have > the directory server do the hashing instead. I've found the > method: > > passwd_s(user, oldpw, newpw, [serverctrls=None, [clientctrls=None]]) > > but are there any way to use that when I don't know the plaintext > 'oldpw' ? Simply use None for oldpw. Ciao, Michael. ------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _______________________________________________ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev