On Tue, 9 Oct 2001, Andre Oppermann wrote:
=>Slepp Lukwai wrote:
=>>
=>> On the newer Slackware Linux distributions, the crypt method uses an MD5
=>> based check. I'm wondering if the passwords from /etc/shadow can be
=>> dropped straight into userPassword in an LDAP entry if prefixed with
=>> {MD5}.
=>>
=>> But, a password looks like:
=>>
=>> $1$0Extvkbl$UZAJdyCwsC9JaHTysElXB.
=>>
=>> I figure the $ is a delimiter, giving me:
=>>
=>> 1 0Extvkbl UZAJdyCwsC9JaHTysElXB.
=>>
=>> Is anyone familiar with this encryption method? And is it at all directly
=>> portable into an LDAP directory using one of the standard userPassword
=>> hashes?
=>
=>The password you have there is simply hex. For LDAP you need base64
=>encoding. So you have to write a simple script converting the Linux
=>passwords back to binary and then to base64. Should be no problem
=>with Perl or with a shell script.

Well, I don't recall hex encodings including anything beyond a-f. I've
done a little more research into it, and found that it is an MD5 encoding,
and the salt is:

0Extvkbl

The $1 is the header to the crypt function to use MD5 instead of DES.

Now, since that above doesn't appear to be raw hex values to me, do you
mean to convert it from something into binary then base64'd?

If I were to convert that password into $1$salt$md5-crypt, would I use the
following in LDAP:

{CRYPT}base64-encoded-string-of-above

or would I use {CRYPT}$1$salt$md5-crypt and base64 encode that whole item?

I know that when I use ldapadd, I'm able to drop in {SSHA}crypt using the
results from slappasswd. But, slappasswd won't return a {CRYPT} that has
the MD5 salt/etc. included in it.

I've looked some more and I've found some people have had it work with

{crypt}$1$salt$md5-crypt

But, it doesn't seem to work for me :P Any further ideas?
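
Added example, not part of the original message or of any project's code: a Python sketch that validates an MD5-crypt field from /etc/shadow, prefixes it with {CRYPT} unchanged, and prints both LDIF spellings of the value (plain with ":" and base64 with "::"), which decode to the same bytes. The user name and ageing fields in the sample line are constructed, and the function names are hypothetical.

```python
import base64
import re

# crypt(3) encodes with its own 64-character alphabet; it is neither hex
# nor RFC 4648 base64. Assumption: the salt uses that alphabet, up to 8 chars.
CRYPT_CHARS = r"[./0-9A-Za-z]"
MD5_CRYPT = re.compile(rf"^\$1\$({CRYPT_CHARS}{{0,8}})\$({CRYPT_CHARS}{{22}})$")


def parse_md5_crypt(hash_field):
    """Split a $1$salt$digest string into (salt, digest); raise ValueError otherwise."""
    m = MD5_CRYPT.match(hash_field)
    if m is None:
        raise ValueError("not an MD5-crypt ($1$) hash")
    return m.group(1), m.group(2)


def shadow_to_userpassword(shadow_line):
    """Return the userPassword value for one /etc/shadow line holding an MD5-crypt hash."""
    fields = shadow_line.rstrip("\n").split(":")
    if len(fields) < 2:
        raise ValueError("not a shadow entry")
    parse_md5_crypt(fields[1])  # rejects locked ('!', '*') and DES-style entries
    # The crypt string is kept verbatim; only the scheme prefix is added.
    return "{CRYPT}" + fields[1]


def ldif_lines(value):
    """Both LDIF spellings of one value: plain (':') and base64 ('::')."""
    b64 = base64.b64encode(value.encode("ascii")).decode("ascii")
    return f"userPassword: {value}", f"userPassword:: {b64}"


# Constructed shadow line built around the hash quoted in the thread.
SAMPLE = "jdoe:$1$0Extvkbl$UZAJdyCwsC9JaHTysElXB.:11604:0:99999:7:::"

if __name__ == "__main__":
    for line in ldif_lines(shadow_to_userpassword(SAMPLE)):
        print(line)
```

Whether a bind against such an entry succeeds depends on the directory server handing {CRYPT} values to a crypt(3) that understands the $1$ prefix.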