[Fedora-directory-users] Importing pre-encrypted passwords into FDS

[Jonathan Barber]

On Mon, Feb 11, 2008 at 08:34:47AM +0000, Howard Wilkinson wrote:
> I am sure I have seen discussion of this problem on the mailing list but 
> cannot find it after some hours of exhaustive search.
> 
> I have a ldif dump of an OpenLDAP dit that I would like to import into 
> FDS. Everything works except the passwords. The password fields are 
> pre-encrypted as in
> 
> userPassword:: e2NyeXB0fSQxJDQ3MzI3NzgyJEY5RTQxMXJQQVdUV2Zhbnp6ZWZWcC4=

The "::" tells you it's base64 encoded:
$ echo "e2NyeXB0fSQxJDQ3MzI3NzgyJEY5RTQxMXJQQVdUV2Zhbnp6ZWZWcC4=" | openssl base64 -d 

This is MD5 rather than traditional DES crypt.


As long as your version of FDS is linked against glibc, it should just
passwords then they'll be stored in the scheme FDS is configured to use
(default is SSHA).


> I think this is probably MD5 encoded! Not sure how I find out definitively.
> 
> I know I can import this into FDS but how do I tell FDS it is 
> pre-encrypted? And what are the encryption options?

If you import with the "{scheme}" sigal then FDS knows it's already
hashed and doesn't do it again.

> Does anybody know if I am right about MD5?
> 
> Regards, Howard
> -- 
> 
> Howard Wilkinson
> 
> 	
> 
> Phone:
> 
> 	
> 
> +44(20)76907075
> 
> Coherent Technology Limited
> 
> 	
> 
> Fax:
> 
> 	
> 
> 
> 
> 23 Northampton Square,
> 
> 	
> 
> Mobile:
> 
> 	
> 
> +44(7980)639379
> 
> United Kingdom, EC1V 0HL
> 
> 	
> 
> Email:
> 
> 	
> 
> howard at cohtech.com
> 
> 
> 

> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users


-- 
Jonathan Barber
High Performance Computing Analyst
Tel. +44 (0) 1382 386389