ssha passwords

fedora fedora at ayni.com
Tue Apr 12 12:55:12 UTC 2011


At this site, we are using LDAP authentication exclusively. In the LDAP 
DIT we have all kinds of hashed passwords including crypt, ssh, ssha. In 
front of the password hash of the userPassword attribute we indicate the 
type of hash used:

{crypt}/ey2ykUvpobl
{SHA}QwdAWqb3+JCy34khUkrR81af/B
{SSHA}yVvZPg6Pz9WOjEUoLIv2XRpJAQRhzu

We can authenticate a user via PAM, and the mail-message store 
authenticates mail users using the same userPassword attribute.

The primary hash is indicated in the LDAP config:
  olcPasswordHash: {SSHA}
Thus, when we use the LDAP tools (ldapadd, ldapmodify) to add/change 
passwords, the hash type is indicated automatically in the userPassword 
attribute as explained above.

suomi


On 2011-04-12 10:53, Judith Flo Gaya wrote:
> Hello,
>
> I'm dealing with LDAP and after switching to ssha passwords on the
> server side, my clients are no longer able to change their passwords
> without losing access to the server.
> The issue is related to the different hashing methods (server is using
> ssha and clients (f14) are using crypt).
> Is there any way to force the passwd command to generate ssha hashed
> passwords?
> I've been trying to do it through the authconfig command but it seems that I can't.
>
> On the other hand, I would like to make the users able to log in even if
> the network fails (i.e. the LDAP server is unreachable). I've read that
> this can be done with nscd but I know neither how nor the
> implications that this change will produce.
>
> Thanks a lot for any help in advance, it will be very appreciated,
> j
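
Added example, not part of the original message: a Python sketch of how a userPassword value with a scheme prefix is split and checked for the {SHA} and {SSHA} schemes, using the usual OpenLDAP layout base64(SHA1(password + salt) + salt). The function names split_scheme, make_ssha and verify are hypothetical, and {crypt} values are deliberately rejected here because they need the platform's crypt(3).

```python
import base64
import hashlib
import hmac
import os
import re

# Scheme prefix stored in front of the hash, e.g. "{SSHA}...".
_PREFIX = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.DOTALL)
SHA1_LEN = 20  # bytes in a SHA-1 digest


def split_scheme(user_password):
    """Return (SCHEME, payload); SCHEME is None for an unprefixed value."""
    m = _PREFIX.match(user_password)
    if not m:
        return None, user_password
    return m.group(1).upper(), m.group(2)


def make_ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify(user_password, candidate):
    """Check a candidate password against a {SHA} or {SSHA} value."""
    scheme, payload = split_scheme(user_password)
    if scheme not in ("SHA", "SSHA"):
        raise ValueError("scheme not handled here: %r" % scheme)
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:
        return False  # truncated or corrupted base64 never matches
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    if len(digest) != SHA1_LEN:
        return False
    # {SHA} carries no salt; {SSHA} must carry one after the digest.
    if (scheme == "SHA") == bool(salt):
        return False
    expected = hashlib.sha1(candidate.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)
```

The salt in {SSHA} only defeats precomputed tables; the value is still a single round of SHA-1, so read access to userPassword should stay restricted in the directory ACLs.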

