----- "Howard Chu" hyc@symas.com wrote:
ghenry@OpenLDAP.org wrote:
Hi All,
I'm just testing bdb encryption and it works as expected out of the
box.
But I'm trying to decrypt it using the bdb tools:
[ghenry@suretec openldap-data]$
/usr/local/BerkeleyDB.4.7/bin/db_verify objectClass.bdb
db_verify: Encrypted environment: no encryption key supplied Segmentation fault
Interesting. It shouldn't segfault, perhaps you should report that as a bug to Oracle.
Will do. If I use "cryptkey testing" all tools work. If I enter the wrong password using cryptkey is segfaults again after stating wrong pass.
So it segfaults, but it's the same with the key:
[ghenry@suretec openldap-data]$
/usr/local/BerkeleyDB.4.7/bin/db_verify -P "testing" objectClass.bdb
db_verify: Invalid password Segmentation fault
testing is set in slapd.conf via "cryptfile" and has the word
"testing" in it:
How did you create the file? If you simply created it as a plain text file, then it probably has a trailing NewLine as well. In which case, the NewLine is part of the password...
Checked this and recreated vi vim and just:
echo testing > cryptfile.
All results in the same invalid password and segfault.
Cheers.
ghenry@OpenLDAP.org wrote:
----- "Howard Chu"hyc@symas.com wrote:
How did you create the file? If you simply created it as a plain text file, then it probably has a trailing NewLine as well. In which case, the NewLine is part of the password...
Checked this and recreated vi vim and just:
echo testing> cryptfile.
All results in the same invalid password
Of course, because you're still writing the trailing NewLine. Learn something about Unix files and commands... The behavior here is exactly the same as with the ldapsearch -y option. Use e.g. "echo -n" (depending on your shell / echo implementation)...
openldap-technical@openldap.org
-
ghenry@OpenLDAP.org -
Howard Chu