Tom Leach leach@coas.oregonstate.edu writes:
[...]
Also, how do I verify that the passwords are stored in cleartext? On a test server, I've created just the radius database with a global 'password-hash {CLEARTEXT}', I have the following ldif file that I add with: ldapadd -x -W -v -D 'cn=Manager,o=radius' -f mac.ldif -h ldap_server
Contents of mac.ldif: dn:uid=001e68d08ff9,o=radius uid: 001e68d08ff9 cn: 001e68d08ff9 userPassword: {cleartext}001e68d08ff9 objectClass: top objectClass: radiusProfile objectClass: radiusObjectProfile
but when I use ldapsearch or slapcat to dump the database, the userPassword line looks to be hashed.
[...]
userPassword:: e2NsZWFydGV4dH0wMDFlNjhkMDhmZjk=
[...]
This is just the base64 encoding of the plaintext password. You may decode this by mmencode -u
-Dieter