I'm running OpenLDAP 2.3.24 on a production server. As I was in a hurry and discovering LDAP when I installed it, I didn't enforce any password policy.
Now I would like to identify weak passwords to warn their users. What are my options?
Best regards, Thierry.
At 12:37 PM 12/4/2006, Thierry Lacoste wrote:
> I'm running OpenLDAP 2.3.24 on a production server. As I was in a hurry and discovering LDAP when I installed it, I didn't enforce any password policy.
> Now I would like to identify weak passwords to warn their users. What are my options?
a) write an overlay taking an appropriate action on detection
b) deal with this on the client side
-- Kurt
<quote who="Thierry Lacoste">
I'm running OpenLDAP 2.3.24 on a production server. As I was in a hurry and discovering LDAP when I installed it, I didn't enforce any password policy.
Now I would like to identify weak passwords to warn their users. What are my options?
man slapo-ppolicy
As far as I understand it, the warning element will be dependent on how your client/application interprets results given from using above.
Another option is to export your LDAP user passwords in the form userid:userPassword to a file and use John the Ripper to try to crack them. Weak passwords are shown in a few minutes. If your passwords are in SSHA format, you'll need to apply a patch to JtR.
On 12/4/06, Thierry Lacoste lacoste@univ-paris12.fr wrote:
> I'm running OpenLDAP 2.3.24 on a production server. As I was in a hurry and discovering LDAP when I installed it, I didn't enforce any password policy.
> Now I would like to identify weak passwords to warn their users. What are my options?
> Best regards, Thierry.
Thank you very much. My passwords are SSHA encoded so I compiled a patched JtR. Just for the record, I first used ldapsearch to export the userid:userPassword tuples in a file and was trapped by the base64 encoding of SSHA passwords. Using the Net::LDAP Perl module to generate this file works great.
Regards, Thierry.
On Wednesday 06 December 2006 15:25, Cleber P. de Souza wrote:
> Another option is to export your LDAP user passwords in the form userid:userPassword to a file and use John the Ripper to try to crack them. Weak passwords are shown in a few minutes. If your passwords are in SSHA format, you'll need to apply a patch to JtR.
> On 12/4/06, Thierry Lacoste lacoste@univ-paris12.fr wrote:
> > I'm running OpenLDAP 2.3.24 on a production server. As I was in a hurry and discovering LDAP when I installed it, I didn't enforce any password policy.
> > Now I would like to identify weak passwords to warn their users. What are my options?
> > Best regards, Thierry.
openldap-software@openldap.org
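The base64 trap mentioned in the thread comes from LDIF: ldapsearch prints userPassword values in the `userPassword:: <base64>` form and folds long lines. The following is an added example, not code from the thread or from OpenLDAP; it unfolds and decodes such output into userid:userPassword lines for an audit and shows the {SSHA} layout. The users, passwords, salts and the `dc=example,dc=org` suffix are constructed sample data.

```python
import base64
import hashlib

def make_ssha(password: bytes, salt: bytes) -> str:
    """{SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_matches(stored: str, candidate: bytes) -> bool:
    """Check one candidate: first 20 decoded bytes are the digest, the rest is the salt."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(candidate + salt).digest() == digest

def ldif_to_pairs(ldif: str) -> list:
    """Turn ldapsearch LDIF output into userid:userPassword lines."""
    # Unfold first: a line that starts with one space continues the previous line.
    lines = ldif.replace("\r\n", "\n").replace("\n ", "").split("\n")
    pairs, entry = [], {}
    for line in lines + [""]:  # the extra "" flushes the last entry
        if not line:
            if "uid" in entry and "userPassword" in entry:
                pairs.append(f"{entry['uid']}:{entry['userPassword']}")
            entry = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>" means the value is base64
            value = base64.b64decode(value[1:].strip()).decode()
        entry[attr] = value.strip()
    return pairs

def sample_ldif() -> str:
    """Constructed sample (made-up users, passwords and salts), folded like real output."""
    entries = []
    for uid, pw, salt in [("alice", b"secret", b"\x01\x02\x03\x04"),
                          ("bob", b"Xk9#vT2q", b"\x05\x06\x07\x08")]:
        b64 = base64.b64encode(make_ssha(pw, salt).encode()).decode()
        entries.append(f"dn: uid={uid},ou=people,dc=example,dc=org\nuid: {uid}\n"
                       f"userPassword:: {b64[:40]}\n {b64[40:]}\n")
    return "\n".join(entries)

if __name__ == "__main__":
    for pair in ldif_to_pairs(sample_ldif()):
        print(pair)
```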