[Fedora-directory-users] SSHA Seed?
Robert r. Sanders
robert.sanders at ipov.net
Thu May 25 18:53:34 UTC 2006
That sounds reasonable; but it doesn't appear to work. Let me go into
the details a little more:
1. FDS + Samba3 on one server with user's passwords stored as SSHA
Hashed values.
2. New OpenLDAP install on a different server (used by other services
on that machine, and no they won't play nice w/ external ldap
server); this server is also setup (already) to store passwords
using SSHA.
3. We want to copy the hashed password value from FDS and put in it
into the OpenLDAP server as the userPassword attribute for the
users; however the other server is using a different sha seed,
therefore when it tries to compare the value entered by the user
to the stored value it fails (as it is using its own seed to
re-hash the password and do the comparison).
So that's where we stand. Currently have been told to simply set all
users in the OpenLDAP to a default value and make them reset their
passwords on that server if they want to.
Mike Jackson wrote:
> Robert r. Sanders wrote:
>> Yeah, but what I want to do is copy the HASH from one server to the
>> other.
>>
>>
>
> In that case, you don't need to do anything.
>
> If you have FDS set to do hashing in SSHA, and you send a cleartext
> string as a userPassword modify, then FDS SSHA hashes it for you.
>
> If you send a string prefixed with {SSHA} as a userPassword modify,
> FDS does not hash it for you.
>
> --
> mike
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Robert r. Sanders
Chief Technologist
iPOV
(334) 821-5412
www.ipov.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20060525/d53d0f7e/attachment.html>
More information about the 389-users
mailing list