Thanks for your advice, but I have no choice but to use DES in this case. I must do that even if it'll be temporary.
In message "Antw: How to make ldap evaluate clear text password vs DES stored password", "Ulrich Windl" <ulrich.wi...@rz.uni-regensburg.de> wrote:

> Hi!
>
> I think that traditional UNIX crypt passwords have been obsolete for at least 10 years.
> I also think that there are online services that could decode your DES-encoded challenges in a few seconds if not even faster...
>
> What I mean to say is: Don't spend time in getting DES passwords, upgrade your security instead.
>
> Modern systems encode passwords like this (note the difference in length!):
> :$6$CM21wofswJzjH.NfEtuX3m6Hjtx4H0mLq4MID3JqK254DCIw6Sjeh1kmI27DEwcAb8ilxb8KH08PmQIcTD8XloWFAXKmC/uuR1
>
> See man crypt(3) for glibc: It knows about:
> Traditional DES-based
> Extended BSDI-style DES-based
> FreeBSD-style MD5-based
> SHA256 based
> SHA512 based
> OpenBSD-style Blowfish-based (bcrypt)
>
> So I guess you get the idea...
>
> Regards,
> Ulrich
>
> >>> <yokoy...@jacic.or.jp> wrote on 20.09.2018 at 01:43 in message <201809192343.w8jnh4vt026...@mbox.securemx.jp>:
> > Hi.
> >
> > I have user information in an RDB which includes a user id and password set.
> >
> > I’ve been trying to use this RDB as the backend database for an openldap server.
> >
> > Now, I can find user information in the RDB through openldap.
> >
> > However, I recognized I can’t use this user information for the ldap login certification process.
> >
> > LDAP’s userPassword stored in the RDB has already been DES hashed by the original app. On the other hand, the input password from the ldapsearch command line is CLEARTEXT.
> >
> > Now I’d like my openldap to change the CLEARTEXT input password into DES hashed text so that they'll match for certification.
> >
> > I've asked about this topic on the stackoverflow web site, how to do that by server settings. But I couldn’t find proper directives to set.
> >
> > How to make ldap evaluate clear text password vs DES stored password
> >
> > Since then, I’ve been searching the LDAP source files which match the input password from the ldapsearch command line against the userPassword stored in the backend RDB for slapd.
> >
> > I’d like to change the certification process in the LDAP source file to make the input password DES hashed by using 2 characters of userPassword as its SALT.
> >
> > I already know that the 2 characters at the beginning of userPassword were used as its SALT when it was hashed.
> >
> > So the fact is, my slapd can read userPassword from the RDB. I think I'll be able to find out what the SALT will be to make the input password into DES hashed text.
> >
> > If I can make openldap act this way, I can use the user's information in the RDB as ldap login information seamlessly.
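
The crypt(3) formats listed in the quoted reply can be told apart by prefix and length, which is enough to audit a password table for DES-based entries when the DES setup is only temporary. This is an added example, not part of the original thread; the sample records are constructed, and `classify` and `audit` are hypothetical helper names.

```python
import re

B64 = r"[./0-9A-Za-z]"  # alphabet used by crypt(3) salts and hashes

# (scheme, pattern, des_based), in the order of the list quoted above
SCHEMES = [
    # 13 chars: 2-char salt (as described in the thread) + 11-char hash
    ("Traditional DES", re.compile(rf"^(?P<salt>{B64}{{2}}){B64}{{11}}$"), True),
    # 20 chars: '_' + 4-char iteration count + 4-char salt + 11-char hash
    ("Extended BSDI DES",
     re.compile(rf"^_{B64}{{4}}(?P<salt>{B64}{{4}}){B64}{{11}}$"), True),
    ("MD5", re.compile(rf"^\$1\$(?P<salt>[^$]{{1,8}})\$({B64}){{22}}$"), False),
    ("SHA256",
     re.compile(rf"^\$5\$(rounds=\d+\$)?(?P<salt>[^$]{{1,16}})\$({B64}){{43}}$"), False),
    ("SHA512",
     re.compile(rf"^\$6\$(rounds=\d+\$)?(?P<salt>[^$]{{1,16}})\$({B64}){{86}}$"), False),
    ("bcrypt",
     re.compile(rf"^\$2[abxy]?\$\d\d\$(?P<salt>{B64}{{22}}){B64}{{31}}$"), False),
]


def classify(stored):
    """Return (scheme, salt, des_based) for a crypt(3) string, else None."""
    for name, pattern, des_based in SCHEMES:
        match = pattern.match(stored)
        if match:
            return name, match.group("salt"), des_based
    return None


def audit(records):
    """Return the user ids whose stored hash is one of the DES-based formats."""
    return [uid for uid, stored in records
            if (found := classify(stored)) and found[2]]


# Constructed sample rows (user id, stored hash); filler characters, not real hashes.
RECORDS = [
    ("alice", "ab" + "x" * 11),
    ("bob", "$6$" + "s" * 16 + "$" + "h" * 86),
    ("carol", "_J9.." + "salt" + "y" * 11),
    ("dave", "$2b$12$" + "t" * 53),
]

if __name__ == "__main__":
    for uid, stored in RECORDS:
        print(uid, classify(stored))
    print("DES-based, re-hash on next password change:", audit(RECORDS))
```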