Theunis De Klerk wrote:
> Were these applications that pre-hashed the SSHA passwords, then
sent
> the pre-hashed SSHA password to the server, when adding a user or
> modifying the password? If so, then it could be that the legacy SSHA
> handling was broken.
>
Here is an example of the perl code I used to create the password.
<snip>
my $password = 'thepassword';
use Digest::SHA1;
use MIME::Base64;
my $ctx = Digest::SHA1->new;
$ctx->add($password);
$ctx->add('salt');
my $hashedPasswd = '{SSHA}' . encode_base64($ctx->digest . 'salt'
,'');
</snip>
i.e: the way not to do it.
thanks -
https://bugzilla.redhat.com/show_bug.cgi?id=518520