Hi! I think that traditional UNIX crypt passwords are obsolete for at least 10 years. I also think that there are online services that could decode your DES-encoded challenges in a few seconds if not even faster...
What I mean to says is: Don't spend time in getting DES passwords, upgrade your security instead. Modern systems encode passwords like this (note the difference in length!): :$6$CM21wofswJzjH.NfEtuX3m6Hjtx4H0mLq4MID3JqK254DCIw6Sjeh1kmI27DEwcAb8ilxb8KH08PmQIcTD8XloWFAXKmC/uuR1 See man crypt(3) for glibc: I knows about: Traditional DES-based Extended BSDI-style DES-based FreeBSD-style MD5-based SHA256 based SHA512 based OpenBSD-style Blowfish-based (bcrypt) So I guess you get the idea... Regards, Ulrich >>> <yokoy...@jacic.or.jp> schrieb am 20.09.2018 um 01:43 in Nachricht <201809192343.w8jnh4vt026...@mbox.securemx.jp>: > Hi. > > I have user information in RDB which include user‑id and password set. > > I’ve been trying to use this RDB as backend database for openldap server. > > Now,I can find user information in RDB through openldap. > > However, I recognized I can’t use this user information for ldap login > certification process. > > LDAP’s userPassowrd stored in the RDB has been already DES hashed by > original app. On the other hand, input password from ldapseach command line > is CREARTEXT. > > Now I’d like my openldap to change CREATEXT input password into DES hassed > text so that they'll match for certification. > > I've asked this topic on stackoverflow web site how to do that by server > settings.But I couldn’t find proper directives to set. > > How to make ldap evaluate clear text password vs DES stored password > > Since then,I’ve been searching LDAP source files which is matching input > password from ldapsearch command line against userPassword stored in backend > RDB for slapd. > > I’d like to change certification process of LDAP source file to make input > password into DES hashed by using 2 characters of userPassword as its SALT. > > I've already known that 2 characters at the beginning of userPasswordwas > used as its SALT when it was hashed. > > So the fact is ,my slapd can read userPassword from the RDB. I think I'll be > able to find out what will be SALT to make input password into DES hashed > text. > > If I can make opeldap to act this way,I can use user's infomation in the RDB > to ldap login inforomation wiht seamless.
