On Mon, Dec 31, 2007 at 02:25:21PM +1100, Joel Heenan wrote:
> Ok then so from my reading a bit more into how the Linux MD5 sum is
> calculated it seems that because it includes a salt and is otherwise
> mangled what I'm attempting to do is impossible and I'll need to get
> users to set passwords manually. Is this correct?
>
Yes.
If you want to postpone having to get your users to reset their
passwords, you could try the pam-passthru plugin:
http://cvs.fedoraproject.org/viewcvs/ldapserver/ldap/servers/plugins/pam_...
> I was hoping that I could take the Linux PAM MD5 and plonk it inside
> Directory Server but this doesn't seem possible. Unless there is some
> plugin designed for this that understands Linux MD5?
>
Not that I know of, but it shouldn't be that difficult to write using
the existing pwdstorage plugins as a starting point.
You might try the crypt format. On most linux platforms, system crypt
uses MD5.
> Thanks
>
> Joel
>
>
>> -----Original Message-----
>> From: fedora-directory-users-bounces(a)redhat.com
>> [mailto:fedora-directory-users-bounces@redhat.com] On Behalf
>> Of Jonathan Barber
>> Sent: Monday, 24 December 2007 11:49 PM
>> To: General discussion list for the Fedora Directory server project.
>> Subject: Re: [Fedora-directory-users] Migrating RHEL users to
>> Directory Server
>>
>> On Fri, Dec 21, 2007 at 01:51:30PM +1100, Joel Heenan wrote:
>>
>>> Fedora Directory Users,
>>>
>>> I have a bunch of users currently using local RHEL 4 local
>>>
>> unix user
>>
>>> accounts for their usernames and passwords and I would like
>>>
>> to migrate
>>
>>> them to Directory Server. My question concerns the MD5 sum password.
>>>
>>> I tried adding a user joeltest with password joeltest and I
>>>
>> got hash:
>>
>>> JqBiQXU4$gnJeKmNzXy.kaXUaBIygs0
>>>
>>> from RHEL but I got hash:
>>>
>>> WGvQgGYUH2UOX2ZA1IQeyQ==
>>>
>> This value is the base64 encoded value of the md5 digest of
>> the password, and is the same as the md5 digest of "joeltest":
>> $ echo -n "joeltest" | openssl dgst -md5 -binary | openssl
>> base64 WGvQgGYUH2UOX2ZA1IQeyQ== $
>>
>> Regards.
>>
>>
>>> >From Directory Server when I set the same password.
>>>
>>> I'm guessing this is to do with further encodings placed on the
>>> password hash. Hoping someone has done this before and can
>>>
>> point me in
>>
>>> the right direction?
>>>
>>> Thanks
>>>
>>> Joel
>>>
>> --
>> Jonathan Barber
>> High Performance Computing Analyst
>> Tel. +44 (0) 1382 386389
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users(a)redhat.com
>>
https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
> The information contained in this e-mail message and any accompanying files is or may
be confidential. If you are not the intended recipient, any use, dissemination, reliance,
forwarding, printing or copying of this e-mail or any attached files is unauthorised. This
e-mail is subject to copyright. No part of it should be reproduced, adapted or
communicated without the written consent of the copyright owner. If you have received this
e-mail in error please advise the sender immediately by return e-mail or telephone and
delete all copies. Fairfax does not guarantee the accuracy or completeness of any
information contained in this e-mail or attached files. Internet communications are not
secure, therefore Fairfax does not accept legal responsibility for the contents of this
message or attached files.
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/fedora-directory-users
>