Thanks for your advice, but I have no choice but to use DES in this case. I must do that even if it'll be temporary.
In message "Antw: How to make ldap evaluate clear text password vs DES stored password", "Ulrich Windl" Ulrich.Windl@rz.uni-regensburg.de wrote:
Hi!
I think that traditional UNIX crypt passwords have been obsolete for at least 10 years. I also think that there are online services that could decode your DES-encoded challenges in a few seconds if not even faster...
What I mean to say is: Don't spend time in getting DES passwords, upgrade your security instead.
Modern systems encode passwords like this (note the difference in length!): :$6$CM21wofswJzjH.NfEtuX3m6Hjtx4H0mLq4MID3JqK254DCIw6Sjeh1kmI27DEwcAb8ilxb8KH08PmQIcTD8XloWFAXKmC/uuR1
See man crypt(3) for glibc. It knows about: Traditional DES-based, Extended BSDI-style DES-based, FreeBSD-style MD5-based, SHA256 based, SHA512 based, OpenBSD-style Blowfish-based (bcrypt).
So I guess you get the idea...
Regards, Ulrich
yokoyamy@jacic.or.jp wrote on 20.09.2018 at 01:43 in message 201809192343.w8JNh4VT026857@mbox.securemx.jp:
Hi.
I have user information in an RDB which includes user ID and password sets.
I’ve been trying to use this RDB as the backend database for an openldap server.
Now, I can find user information in the RDB through openldap.
However, I recognized I can’t use this user information for the ldap login certification process.
LDAP’s userPassword stored in the RDB has already been DES hashed by the original app. On the other hand, the input password from the ldapsearch command line is CLEARTEXT.
Now I’d like my openldap to change the CLEARTEXT input password into DES hashed text so that they'll match for certification.
I've asked about this topic on the stackoverflow web site, how to do that by server settings. But I couldn’t find proper directives to set.
How to make ldap evaluate clear text password vs DES stored password
Since then, I’ve been searching for the LDAP source file which matches the input password from the ldapsearch command line against the userPassword stored in the backend RDB for slapd.
I’d like to change the certification process in the LDAP source file so that the input password is DES hashed using 2 characters of userPassword as its SALT.
I already know that the 2 characters at the beginning of userPassword were used as its SALT when it was hashed.
So the fact is, my slapd can read userPassword from the RDB. I think I'll be able to find out what the SALT will be to make the input password into DES hashed text.
If I can make openldap act this way, I can use the users' information in the RDB as ldap login information seamlessly.
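
An added example, not part of the thread: a sketch that sorts stored userPassword values by the crypt(3) schemes listed in the reply and pulls out the salt (the first 2 characters for traditional DES), so a migration can inventory which accounts still carry legacy hashes. The function names, the `legacy` flag and all sample rows are constructed for illustration; stripping an optional `{CRYPT}` prefix assumes OpenLDAP-style scheme tags on the stored values.

```python
import re

B64 = r"[./0-9A-Za-z]"  # alphabet used by crypt(3) salts and hashes

# (scheme, pattern, legacy?) following the glibc crypt(3) list quoted above.
# "legacy" is this example's label for the DES- and MD5-based schemes.
SCHEMES = [
    ("traditional-des", re.compile(rf"^(?P<salt>{B64}{{2}}){B64}{{11}}$"), True),
    ("bsdi-des", re.compile(rf"^_{B64}{{4}}(?P<salt>{B64}{{4}}){B64}{{11}}$"), True),
    ("md5", re.compile(r"^\$1\$(?P<salt>[^$]{1,8})\$.+$"), True),
    ("sha256", re.compile(r"^\$5\$(?:rounds=\d+\$)?(?P<salt>[^$]{1,16})\$.+$"), False),
    ("sha512", re.compile(r"^\$6\$(?:rounds=\d+\$)?(?P<salt>[^$]{1,16})\$.+$"), False),
    ("bcrypt", re.compile(rf"^\$2[abxy]?\$\d\d\$(?P<salt>{B64}{{22}}){B64}{{31}}$"), False),
]


def classify(user_password):
    """Identify the crypt(3) scheme of a stored value and extract its salt."""
    value = user_password
    if value.upper().startswith("{CRYPT}"):  # assumed OpenLDAP-style scheme tag
        value = value[len("{CRYPT}"):]
    for name, pattern, legacy in SCHEMES:
        match = pattern.match(value)
        if match:
            return {"scheme": name, "salt": match.group("salt"), "legacy": legacy}
    return {"scheme": "unknown", "salt": None, "legacy": None}


def audit(rows):
    """Return the user IDs whose stored hash uses a legacy scheme."""
    return [uid for uid, stored in rows if classify(stored)["legacy"]]


# Constructed rows shaped like (user ID, stored password); none is a real hash.
SAMPLE_ROWS = [
    ("alice", "ab0123456789A"),                  # 2-char salt + 11-char hash
    ("bob", "{CRYPT}_J9..salt0123456789A"),      # '_' + count + 4-char salt
    ("carol", "$1$saltsalt$" + "x" * 22),
    ("dave", "$6$rounds=5000$saltsalt$" + "x" * 86),
    ("erin", "$2b$12$" + "a" * 53),
    ("frank", "not-a-crypt-string!"),
]

if __name__ == "__main__":
    for uid, stored in SAMPLE_ROWS:
        print(uid, classify(stored))
    print("rehash on next login:", audit(SAMPLE_ROWS))
```
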