fedora-directory-users-request(a)redhat.com wrote:
Date: Tue, 18 Apr 2006 20:14:31 +0300
From: Mike Jackson <mj(a)sci.fi>
dennis(a)demarco.com wrote:
> I would like to export the MD5 hash from the Fedora directory user's
> password attribute into /etc/shadow of a Linux machine not in LDAP
> (Redhat).
>
> It appears this isn't working, is there a way for me to do this? Not all
> machines are using ldap but I would like to export from ldap.
>
Hi,
I haven't tried this, but here's an idea just off the top of my head
which _might_ work:
1. take away the {MD5} from the string
2. base64 decode the rest of the string
3. convert the string to hex
4. put the $1$ at the front of the hex string
5. put the whole string into the password field in /etc/shadow and test
If that works, you could write a perl script to automate the procedure.
And report back to the list as well :-)
No, the password field is not in hex, it uses the same 6-bit encoding
that DES crypt() uses, which is different from base64. base64 uses the
characters [A-Z][a-z][0-9]+/ while crypt uses the characters
./[0-9][A-Z][a-z] (in those exact orders).
--
-- Howard Chu
Chief Architect, Symas Corp.
http://www.symas.com
Director, Highland Sun
http://highlandsun.com/hyc
OpenLDAP Core Team
http://www.openldap.org/project/