find the password encryption hash from the command line? - 389-users - Fedora mailing-lists

List overview All Threads
Download

find the password encryption hash from the command line?

ACI warnings in error log

want a guaranteed income for...

Elizabeth Jones

11 Jan 2014 11 Jan '14

6:17 a.m.

Is there an ldap command that I can use to determine what encryption is being used for the passwords in my 389 DS?

Elizabeth J

Reply

Show replies by date

Najmuddin

12 Jan 12 Jan

8:02 a.m.

The global/default password hashing algorithm is stored in passwordStorageScheme (cn=congi),

# ldapsearch -x -D cn=directory\ manager -w xxxx -LLL -b "cn=config" -s base passwordStorageScheme dn: cn=config passwordStorageScheme: SSHA

To find the hashing algorithm used on an existing user entry:

# ldapsearch -LLL -x -D cn=Directory\ Manager -w xxxx -b <base_dn> uid=luser1 userPassword

dn: uid=luser1,dc=example,dc=com userPassword:: e1NTSEF9czNPcjAyWWhYV3laSXJCUk9tSnhYU2RnbmJyc1hFTU9BaDFxT3c9PQ==

ldapsearch encodes 'userPassword' attribute by default, decode it and check the {first portion} to get the algorithm used.

# echo e1NTSEF9czNPcjAyWWhYV3laSXJCUk9tSnhYU2RnbmJyc1hFTU9BaDFxT3c9PQ==|base64 -d

{SSHA}s3Or02YhXWyZIrBROmJxXSdgnbrsXEMOAh1qOw== ^^^^^

On Sat, Jan 11, 2014 at 5:47 PM, Elizabeth Jones bajones@panix.com wrote:

Is there an ldap command that I can use to determine what encryption is being used for the passwords in my 389 DS?

Elizabeth J

-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

-- Cheers Najmuddin

Reply

4442

Age (days ago)

4443

Last active (days ago)

389-users@lists.fedoraproject.org

1 comments

2 participants

tags (0)

participants (2)

Elizabeth Jones
Najmuddin