hi-
i'm using the 20011001a patch on suse 7.2 w/ openldap-2.0.15.
i'm having a problem with pop auth and MD5 password hashing. i've
verified that the user record can be found via qmail-ldaplookup -u. i've
set the userPassword attribute to the MD5 hash of "test" using md5sum (to
compute the hash) and ldapmodify (to update the userPassword
attribute). md5'ing the string "test" gives me the folowing:
098f6bcd4621d373cade4e832627b4f6
so i updated userPassword to {MD5}098f6bcd4621d373cade4e832627b4f6
after using ldapmodify to update the userPassword, attribute, i verified
that the userPassword attribute was correct by using ldapsearch
and base64 decoding the userPassword (minus the {MD5} at the
front), which yields:
098f6bcd4621d373cade4e832627b4f6
so far, so good, right?
auth_pop still reports an auth failure. so i added some extra logging to
checkpassword.c and recompiled to make sure that auth_pop was correctly
determining that the hash was MD5. it is:
@400000003bc32f9a099d1904 ldap_get_extrainfo: userPassword:
{MD5}098f6bcd4621d373cade4e832627b4f6
@400000003bc32f9a09a5815c cmp_passwd: encrypted:
{MD5}098f6bcd4621d373cade4e832627b4f6, clear, test
@400000003bc32f9a09a598cc cmp_passwd: processing as {MD5}
@400000003bc32f9a09a5a09c cmp_passwd: {MD5} hashed = CY9rzUYh03PK3k6DJie09g==
check_ldap: password compare was not successful
i'm not comparing passwords via rebind, so i'm confused as to why this is
failing.
any ideas?
thanks-
dan
