Jan-Frode Myklebust wrote:
> I have a script that tries to sync a userdatabase with
> plaintext username/password in mysql, to a Centos Directory
> Server. Currently I've been pushing the passwords into the
> directory by first creating the SSHA1 hash in python and
> store '{SSHA}' + encode-string in the password field.
>
> But, it occurred to me that I'm not fully sure what I'm doing
> when creating the SSHA1 hash,
If the password is usable afterwards there's nothing wrong with
client-side password hashing. The salt should be at least 4 bytes long.
> so it would be nice to have
> the directory server do the hashing instead. I've found the
> method:
>
> passwd_s(user, oldpw, newpw, [serverctrls=None, [clientctrls=None]])
>
> but are there any way to use that when I don't know the plaintext
> 'oldpw' ?
Simply use None for oldpw.
Ciao, Michael.
------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H
_______________________________________________
Python-LDAP-dev mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
