>I do not have slappasswd on my Linux 7.0/OpenLDAP 1.2.11 host.

FYI, the OpenLDAP FAQ-O-Matic shows the following when I did a search for 
slappasswd. Apparently, OpenLDAP recommends SSHA over md5, crypt, and 
obviously, cleartext. The Netscape article that it refers to suggests using 
"pwdhash" to generate or check userPassword values. This program is included 
with Netscape Directory server. The article includes two perl scripts and a 
java program to generate the SSHA password.

What do you and Henning think of SSHA over MD5?




Result of OpenLDAP FAQ-O-Matic search for "slappasswd":
=====
What are {SHA} and {SSHA} passwords and how do I generate them?
OpenLDAP supports RFC 2307 passwords, including the {SHA}, {SSHA} and other 
schemes. Such passwords may be used as userPassword values and/or rootpw 
value. See What are RFC 2307 user passwords?.

{SHA} and {SSHA} are RFC 2307 password schemes which use the SHA1 secure 
hash algorithm. The {SSHA} is the seeded variant. {SSHA} is recommended over 
other RFC 2307 schemes.
Netscape provides a technical note on how to generate {SHA} and {SSHA} 
password values. See: 
http://developer.netscape.com:80/docs/technote/ldap/pass_sha.html


#! /usr/bin/perl
#
# This small script generates a seeded SHA1 hash of 'secret'
# (using the seed "salt") for use as a userPassword or rootpw value.
#
use Digest::SHA1;
use MIME::Base64;
$ctx = Digest::SHA1->new;
$ctx->add('secret');
$ctx->add('salt');
$hashedPasswd = '{SSHA}' . encode_base64($ctx->digest . 'salt' ,'');
print 'userPassword: ' .  $hashedPasswd . "\n";

#! /usr/bin/perl
#
# This small script generates an SHA1 hash of 'secret' for use
# as a userPassword or rootpw value.
#
use Digest::SHA1;
use MIME::Base64;
$ctx = Digest::SHA1->new;
$ctx->add('secret');
$hashedPasswd = '{SHA}' . encode_base64($ctx->digest,'');
print 'userPassword: ' .  $hashedPasswd . "\n";

=====
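
Added example, not part of the original message or of the FAQ's own scripts: a Python sketch of the {SHA}/{SSHA} layout quoted above that also goes the other way, splitting a stored userPassword value back into digest and salt to check a candidate password. The function names, the 8-byte random salt and the case-insensitive scheme match are assumptions of this example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SHA1_LEN = 20  # SHA-1 digest size in bytes


def make_sha(password: bytes) -> str:
    """{SHA}: base64 of the unsalted SHA-1 digest; same password, same value."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password).digest()).decode("ascii")


def make_ssha(password: bytes, salt: Optional[bytes] = None) -> str:
    """{SSHA}: base64(SHA1(password + salt) + salt), as in the FAQ's Perl script."""
    if salt is None:
        salt = os.urandom(8)  # fresh random salt; the 8-byte length is this example's choice
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_password(stored: str, candidate: bytes) -> bool:
    """Check a candidate password against a stored {SHA} or {SSHA} value."""
    scheme, brace, encoded = stored.partition("}")
    scheme = (scheme + brace).upper()  # case-insensitive match is this example's choice
    if scheme not in ("{SHA}", "{SSHA}"):
        return False
    try:
        raw = base64.b64decode(encoded, validate=True)
    except ValueError:  # bad alphabet or padding
        return False
    # The first 20 bytes are the digest; whatever follows is the salt.
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    if len(digest) != SHA1_LEN or (scheme == "{SHA}" and salt):
        return False
    expected = hashlib.sha1(candidate + salt).digest()
    return hmac.compare_digest(expected, digest)  # constant-time comparison


if __name__ == "__main__":
    fixed = make_ssha(b"secret", b"salt")  # the FAQ's inputs: 'secret' and "salt"
    print("userPassword:", fixed, check_password(fixed, b"secret"))
    # Random salts: the same password yields different stored values.
    print("userPassword:", make_ssha(b"secret"))
    print("userPassword:", make_ssha(b"secret"))
```

With a random salt per entry, two users with the same password no longer share a stored value, which is the practical difference between {SSHA} and unsalted {SHA}.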

