[
https://issues.apache.org/jira/browse/DIRSTUDIO-1226?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16846380#comment-16846380
]
SPChan edited comment on DIRSTUDIO-1226 at 5/23/19 2:40 AM:
------------------------------------------------------------
Possibly this is some non-standard 389-DS format for hashed password. Feel free
to close if that is the case. The scheme used is with underscore
{{PBKDF2_SHA256}}, not like the example below which uses {{- (dash)}} in the
scheme name.
C.f. OpenLDAPs {{PBKDF2-SHA256}}: The stored value in 389-DS is disimilar to
OpenLDAP.
[https://serverfault.com/questions/569014/does-openldap-support-pbkdf2-hash-algorithm]
{code:java}
userPassword:
'{PBKDF2-SHA256}10000$LBwTpUPGqxdH$8pDqhAruY94IhhuCZLost471pGImy//wH0pS25LO/YI='{code}
was (Author: space88man):
Possibly this is some non-standard 389-DS format for hashed password. Feel free
to close if that is the case.
The stored value does not look anything like the example from:
[https://serverfault.com/questions/569014/does-openldap-support-pbkdf2-hash-algorithm]
{code:java}
userPassword:
'{PBKDF2-SHA256}10000$LBwTpUPGqxdH$8pDqhAruY94IhhuCZLost471pGImy//wH0pS25LO/YI='{code}
> Cannot verify PBKDF2_SHA256 passwords
> -------------------------------------
>
> Key: DIRSTUDIO-1226
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1226
> Project: Directory Studio
> Issue Type: Bug
> Reporter: SPChan
> Priority: Major
> Fix For: 2.0.0-M14
>
>
> For userPassword stored as PBKDF2_SHA256:
> Edit Value -> Verify Password -> (enter password) -> Verify fails.
> Edit Value -> Verify Password -> (enter password) -> Bind works.
>
> The format of the stored password is from 389-DS:
> {PBKDF2_SHA256}<hashed_data: 324 bytes as base64>
>
> hashed_data = iteration_count: 4 bytes (integer, network order) , salt: 64
> bytes, hash: 256 bytes
> generated using PBKDF2 HMAC-SHA256
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
