On Feb 8, 2007, at 5:12 PM, rklein@deep-field.com wrote:
"The passwords from SunONE are stored in SSHA format. This means that for each password a salt has been generated. The password + salt is encoded using SHA1 algorithm. That encoded string + salt is stored in the password field.
Both SunONE and OpenLDAP support SSHA, however, it seems that SunONE uses an 8 byte salt and OpenLDAP uses a 4 byte salt.
For hash generation, yes. But the hash checking code will compute the salt size on a per check basis.
So, when OpenLDAP looks at the password strings, it gets the wrong salt, and will fail to decode the password."
Conclusion doesn't follow.
Have you actually tested this? I believe it just works.
-- Kurt