Tom Leach <le...@coas.oregonstate.edu> writes: [...] > Also, how do I verify that the passwords are stored in cleartext? > On a test server, I've created just the radius database with a global > 'password-hash {CLEARTEXT}', I have the following ldif file that I add > with: > ldapadd -x -W -v -D 'cn=Manager,o=radius' -f mac.ldif -h ldap_server > > Contents of mac.ldif: > dn:uid=001e68d08ff9,o=radius > uid: 001e68d08ff9 > cn: 001e68d08ff9 > userPassword: {cleartext}001e68d08ff9 > objectClass: top > objectClass: radiusProfile > objectClass: radiusObjectProfile > > but when I use ldapsearch or slapcat to dump the database, the > userPassword line looks to be hashed. [...] > userPassword:: e2NsZWFydGV4dH0wMDFlNjhkMDhmZjk= [...]
This is just the base64 encoding of the plaintext password. You may decode this by mmencode -u -Dieter -- Dieter Klünter | Systemberatung sip: +49.40.20932173 http://www.dpunkt.de/buecher/2104.html GPG Key ID:8EF7B6C6