[Fedora-directory-users] Migrating RHEL users to Directory Server

Rich Megginson rmeggins at redhat.com
Thu Jan 3 19:35:36 UTC 2008 

Jonathan Barber wrote:
> On Mon, Dec 31, 2007 at 02:25:21PM +1100, Joel Heenan wrote:
>   
>> Ok then so from my reading a bit more into how the Linux MD5 sum is
>> calculated it seems that because it includes a salt and is otherwise
>> mangled what I'm attempting to do is impossible and I'll need to get
>> users to set passwords manually. Is this correct?
>>     
>
> Yes.
>
> If you want to postpone having to get your users to reset their
> passwords, you could try the pam-passthru plugin:
> http://cvs.fedoraproject.org/viewcvs/ldapserver/ldap/servers/plugins/pam_passthru/README?root=dirsec&rev=1.6&view=auto
>
>   
>> I was hoping that I could take the Linux PAM MD5 and plonk it inside
>> Directory Server but this doesn't seem possible. Unless there is some
>> plugin designed for this that understands Linux MD5?
>>     
>
> Not that I know of, but it shouldn't be that difficult to write using
> the existing pwdstorage plugins as a starting point.
>   
You might try the crypt format.  On most linux platforms, system crypt 
uses MD5.
>   
>> Thanks
>>
>> Joel 
>>
>>     
>>> -----Original Message-----
>>> From: fedora-directory-users-bounces at redhat.com 
>>> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf 
>>> Of Jonathan Barber
>>> Sent: Monday, 24 December 2007 11:49 PM
>>> To: General discussion list for the Fedora Directory server project.
>>> Subject: Re: [Fedora-directory-users] Migrating RHEL users to 
>>> Directory Server
>>>
>>> On Fri, Dec 21, 2007 at 01:51:30PM +1100, Joel Heenan wrote:
>>>       
>>>> Fedora Directory Users,
>>>>
>>>> I have a bunch of users currently using local RHEL 4 local 
>>>>         
>>> unix user 
>>>       
>>>> accounts for their usernames and passwords and I would like 
>>>>         
>>> to migrate 
>>>       
>>>> them to Directory Server. My question concerns the MD5 sum password.
>>>>
>>>> I tried adding a user joeltest with password joeltest and I 
>>>>         
>>> got hash:
>>>       
>>>> JqBiQXU4$gnJeKmNzXy.kaXUaBIygs0
>>>>
>>>> from RHEL but I got hash:
>>>>
>>>> WGvQgGYUH2UOX2ZA1IQeyQ==
>>>>         
>>> This value is the base64 encoded value of the md5 digest of 
>>> the password, and is the same as the md5 digest of "joeltest":
>>> $ echo -n "joeltest" | openssl dgst -md5 -binary | openssl 
>>> base64 WGvQgGYUH2UOX2ZA1IQeyQ== $
>>>
>>> Regards.
>>>
>>>       
>>>> >From Directory Server when I set the same password.
>>>>
>>>> I'm guessing this is to do with further encodings placed on the 
>>>> password hash. Hoping someone has done this before and can 
>>>>         
>>> point me in 
>>>       
>>>> the right direction?
>>>>
>>>> Thanks
>>>>
>>>> Joel
>>>>         
>>> --
>>> Jonathan Barber
>>> High Performance Computing Analyst
>>> Tel. +44 (0) 1382 386389
>>>
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>>       
>> The information contained in this e-mail message and any accompanying files is or may be confidential. If you are not the intended recipient, any use, dissemination, reliance, forwarding, printing or copying of this e-mail or any attached files is unauthorised. This e-mail is subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. If you have received this e-mail in error please advise the sender immediately by return e-mail or telephone and delete all copies. Fairfax does not guarantee the accuracy or completeness of any information contained in this e-mail or attached files. Internet communications are not secure, therefore Fairfax does not accept legal responsibility for the contents of this message or attached files.
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>     
>
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20080103/603358ec/attachment.bin>

More information about the 389-users mailing list