8:51 p.m.
Fedora Directory Users,
I have a bunch of users currently using local RHEL 4 local unix user
accounts for their usernames and passwords and I would like to migrate
them to Directory Server. My question concerns the MD5 sum password.
I tried adding a user joeltest with password joeltest and I got hash:
JqBiQXU4$gnJeKmNzXy.kaXUaBIygs0
from RHEL but I got hash:
WGvQgGYUH2UOX2ZA1IQeyQ==
From Directory Server when I set the same password.
I'm guessing this is to do with further encodings placed on the password
hash. Hoping someone has done this before and can point me in the right
direction?
Thanks
Joel
The information contained in this e-mail message and any accompanying files is or may be
confidential. If you are not the intended recipient, any use, dissemination, reliance,
forwarding, printing or copying of this e-mail or any attached files is unauthorised. This
e-mail is subject to copyright. No part of it should be reproduced, adapted or
communicated without the written consent of the copyright owner. If you have received this
e-mail in error please advise the sender immediately by return e-mail or telephone and
delete all copies. Fairfax does not guarantee the accuracy or completeness of any
information contained in this e-mail or attached files. Internet communications are not
secure, therefore Fairfax does not accept legal responsibility for the contents of this
message or attached files.
6:48 a.m.
On Fri, Dec 21, 2007 at 01:51:30PM +1100, Joel Heenan wrote:
Fedora Directory Users,
I have a bunch of users currently using local RHEL 4 local unix user
accounts for their usernames and passwords and I would like to migrate
them to Directory Server. My question concerns the MD5 sum password.
I tried adding a user joeltest with password joeltest and I got hash:
JqBiQXU4$gnJeKmNzXy.kaXUaBIygs0
from RHEL but I got hash:
WGvQgGYUH2UOX2ZA1IQeyQ==
This value is the base64 encoded value of the md5 digest of the password,
and is the same as the md5 digest of "joeltest":
$ echo -n "joeltest" | openssl dgst -md5 -binary | openssl base64
WGvQgGYUH2UOX2ZA1IQeyQ==
$
Regards.
>From Directory Server when I set the same password.
I'm guessing this is to do with further encodings placed on the password
hash. Hoping someone has done this before and can point me in the right
direction?
Thanks
Joel
--
Jonathan Barber
High Performance Computing Analyst
Tel. +44 (0) 1382 386389
9:25 p.m.
Ok then so from my reading a bit more into how the Linux MD5 sum is
calculated it seems that because it includes a salt and is otherwise
mangled what I'm attempting to do is impossible and I'll need to get
users to set passwords manually. Is this correct?
I was hoping that I could take the Linux PAM MD5 and plonk it inside
Directory Server but this doesn't seem possible. Unless there is some
plugin designed for this that understands Linux MD5?
Thanks
Joel
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf
Of Jonathan Barber
Sent: Monday, 24 December 2007 11:49 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Migrating RHEL users to
Directory Server
On Fri, Dec 21, 2007 at 01:51:30PM +1100, Joel Heenan wrote:
> Fedora Directory Users,
>
> I have a bunch of users currently using local RHEL 4 local
unix user
> accounts for their usernames and passwords and I would like
to migrate
> them to Directory Server. My question concerns the MD5 sum password.
>
> I tried adding a user joeltest with password joeltest and I
got hash:
>
> JqBiQXU4$gnJeKmNzXy.kaXUaBIygs0
>
> from RHEL but I got hash:
>
> WGvQgGYUH2UOX2ZA1IQeyQ==
This value is the base64 encoded value of the md5 digest of
the password, and is the same as the md5 digest of "joeltest":
$ echo -n "joeltest" | openssl dgst -md5 -binary | openssl
base64 WGvQgGYUH2UOX2ZA1IQeyQ== $
Regards.
> >From Directory Server when I set the same password.
>
> I'm guessing this is to do with further encodings placed on the
> password hash. Hoping someone has done this before and can
point me in
> the right direction?
>
> Thanks
>
> Joel
--
Jonathan Barber
High Performance Computing Analyst
Tel. +44 (0) 1382 386389
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
The information contained in this e-mail message and any accompanying files is or may be
confidential. If you are not the intended recipient, any use, dissemination, reliance,
forwarding, printing or copying of this e-mail or any attached files is unauthorised. This
e-mail is subject to copyright. No part of it should be reproduced, adapted or
communicated without the written consent of the copyright owner. If you have received this
e-mail in error please advise the sender immediately by return e-mail or telephone and
delete all copies. Fairfax does not guarantee the accuracy or completeness of any
information contained in this e-mail or attached files. Internet communications are not
secure, therefore Fairfax does not accept legal responsibility for the contents of this
message or attached files.
5:23 a.m.
On Mon, Dec 31, 2007 at 02:25:21PM +1100, Joel Heenan wrote:
Ok then so from my reading a bit more into how the Linux MD5 sum is
calculated it seems that because it includes a salt and is otherwise
mangled what I'm attempting to do is impossible and I'll need to get
users to set passwords manually. Is this correct?
Yes.
If you want to postpone having to get your users to reset their
passwords, you could try the pam-passthru plugin:
http://cvs.fedoraproject.org/viewcvs/ldapserver/ldap/servers/plugins/pam_...
I was hoping that I could take the Linux PAM MD5 and plonk it inside
Directory Server but this doesn't seem possible. Unless there is some
plugin designed for this that understands Linux MD5?
Not that I know of, but it shouldn't be that difficult to write using
the existing pwdstorage plugins as a starting point.
Thanks
Joel
> -----Original Message-----
> From: fedora-directory-users-bounces(a)redhat.com
> [mailto:fedora-directory-users-bounces@redhat.com] On Behalf
> Of Jonathan Barber
> Sent: Monday, 24 December 2007 11:49 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] Migrating RHEL users to
> Directory Server
>
> On Fri, Dec 21, 2007 at 01:51:30PM +1100, Joel Heenan wrote:
> > Fedora Directory Users,
> >
> > I have a bunch of users currently using local RHEL 4 local
> unix user
> > accounts for their usernames and passwords and I would like
> to migrate
> > them to Directory Server. My question concerns the MD5 sum password.
> >
> > I tried adding a user joeltest with password joeltest and I
> got hash:
> >
> > JqBiQXU4$gnJeKmNzXy.kaXUaBIygs0
> >
> > from RHEL but I got hash:
> >
> > WGvQgGYUH2UOX2ZA1IQeyQ==
>
> This value is the base64 encoded value of the md5 digest of
> the password, and is the same as the md5 digest of "joeltest":
> $ echo -n "joeltest" | openssl dgst -md5 -binary | openssl
> base64 WGvQgGYUH2UOX2ZA1IQeyQ== $
>
> Regards.
>
> > >From Directory Server when I set the same password.
> >
> > I'm guessing this is to do with further encodings placed on the
> > password hash. Hoping someone has done this before and can
> point me in
> > the right direction?
> >
> > Thanks
> >
> > Joel
>
> --
> Jonathan Barber
> High Performance Computing Analyst
> Tel. +44 (0) 1382 386389
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
The information contained in this e-mail message and any accompanying files is or may be
confidential. If you are not the intended recipient, any use, dissemination, reliance,
forwarding, printing or copying of this e-mail or any attached files is unauthorised. This
e-mail is subject to copyright. No part of it should be reproduced, adapted or
communicated without the written consent of the copyright owner. If you have received this
e-mail in error please advise the sender immediately by return e-mail or telephone and
delete all copies. Fairfax does not guarantee the accuracy or completeness of any
information contained in this e-mail or attached files. Internet communications are not
secure, therefore Fairfax does not accept legal responsibility for the contents of this
message or attached files.
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Jonathan Barber
High Performance Computing Analyst
Tel. +44 (0) 1382 386389
1:35 p.m.
Jonathan Barber wrote:
On Mon, Dec 31, 2007 at 02:25:21PM +1100, Joel Heenan wrote:
> Ok then so from my reading a bit more into how the Linux MD5 sum is
> calculated it seems that because it includes a salt and is otherwise
> mangled what I'm attempting to do is impossible and I'll need to get
> users to set passwords manually. Is this correct?
>
Yes.
If you want to postpone having to get your users to reset their
passwords, you could try the pam-passthru plugin:
http://cvs.fedoraproject.org/viewcvs/ldapserver/ldap/servers/plugins/pam_...
> I was hoping that I could take the Linux PAM MD5 and plonk it inside
> Directory Server but this doesn't seem possible. Unless there is some
> plugin designed for this that understands Linux MD5?
>
Not that I know of, but it shouldn't be that difficult to write using
the existing pwdstorage plugins as a starting point.
You might try the crypt format. On most linux platforms, system crypt
uses MD5.
> Thanks
>
> Joel
>
>
>> -----Original Message-----
>> From: fedora-directory-users-bounces(a)redhat.com
>> [mailto:fedora-directory-users-bounces@redhat.com] On Behalf
>> Of Jonathan Barber
>> Sent: Monday, 24 December 2007 11:49 PM
>> To: General discussion list for the Fedora Directory server project.
>> Subject: Re: [Fedora-directory-users] Migrating RHEL users to
>> Directory Server
>>
>> On Fri, Dec 21, 2007 at 01:51:30PM +1100, Joel Heenan wrote:
>>
>>> Fedora Directory Users,
>>>
>>> I have a bunch of users currently using local RHEL 4 local
>>>
>> unix user
>>
>>> accounts for their usernames and passwords and I would like
>>>
>> to migrate
>>
>>> them to Directory Server. My question concerns the MD5 sum password.
>>>
>>> I tried adding a user joeltest with password joeltest and I
>>>
>> got hash:
>>
>>> JqBiQXU4$gnJeKmNzXy.kaXUaBIygs0
>>>
>>> from RHEL but I got hash:
>>>
>>> WGvQgGYUH2UOX2ZA1IQeyQ==
>>>
>> This value is the base64 encoded value of the md5 digest of
>> the password, and is the same as the md5 digest of "joeltest":
>> $ echo -n "joeltest" | openssl dgst -md5 -binary | openssl
>> base64 WGvQgGYUH2UOX2ZA1IQeyQ== $
>>
>> Regards.
>>
>>
>>> >From Directory Server when I set the same password.
>>>
>>> I'm guessing this is to do with further encodings placed on the
>>> password hash. Hoping someone has done this before and can
>>>
>> point me in
>>
>>> the right direction?
>>>
>>> Thanks
>>>
>>> Joel
>>>
>> --
>> Jonathan Barber
>> High Performance Computing Analyst
>> Tel. +44 (0) 1382 386389
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
> The information contained in this e-mail message and any accompanying files is or may
be confidential. If you are not the intended recipient, any use, dissemination, reliance,
forwarding, printing or copying of this e-mail or any attached files is unauthorised. This
e-mail is subject to copyright. No part of it should be reproduced, adapted or
communicated without the written consent of the copyright owner. If you have received this
e-mail in error please advise the sender immediately by return e-mail or telephone and
delete all copies. Fairfax does not guarantee the accuracy or completeness of any
information contained in this e-mail or attached files. Internet communications are not
secure, therefore Fairfax does not accept legal responsibility for the contents of this
message or attached files.
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
2:26 a.m.
On Thu, 2008-01-03 at 12:35 -0700, Rich Megginson wrote:
You might try the crypt format. On most linux platforms, system
crypt
uses MD5.
This will work with hashes from /etc/shadow that start '$1$'. It should
also work with the old-style DES hashes that you shouldn't be using
anymore. For example, if you had a shadow line that read:
username:$1$CxLcjTxD$IRuWOqGVHrXJkJsRdPYqq.:12345:0:99999:7:::
Then the userpassword value would be '{crypt}$1$CxLcjTxD
$IRuWOqGVHrXJkJsRdPYqq.'
5954
days inactive
5971
days old
389-users@lists.fedoraproject.org
5 comments
4 participants
participants (4)
-
Andrew C. Dingman -
Joel Heenan -
Jonathan Barber -
Rich Megginson