yup, slappasswd did the trick.  guess i need to brush up on my
understanding of md5 (and checksumming/encryption in general).

thanks-

dan

> So far as I know, md5sum doesn't generate something that is usable in the
> {MD5} encryption method of SSL/LDAP.
> 
> md5sum comes out with a fixed length check sum of a file, while the MD5
> functionality of LDAP doesn't turn the key/password into a checksum.
> 
> Try using 'slappasswd', which is what I've found works well for generating
> the passwords.
> 
> On Tue, 9 Oct 2001, Daniel Kelley wrote:
> 
> =>hi-
> =>
> =>i'm using the 20011001a patch on suse 7.2 w/ openldap-2.0.15.
> =>
> =>i'm having a problem with pop auth and MD5 password hashing.  i've
> =>verified that the user record can be found via qmail-ldaplookup -u.  i've
> =>set the userPassword attribute to the MD5 hash of "test" using md5sum (to
> =>compute the hash) and ldapmodify (to update the userPassword
> =>attribute).  md5'ing the string "test" gives me the following:
> =>
> =>098f6bcd4621d373cade4e832627b4f6
> =>
> =>so i updated userPassword to {MD5}098f6bcd4621d373cade4e832627b4f6
> =>
> =>after using ldapmodify to update the userPassword attribute, i verified
> =>that the userPassword attribute was correct by using ldapsearch
> =>and base64 decoding the userPassword (minus the {MD5} at the
> =>front), which yields:
> =>
> =>098f6bcd4621d373cade4e832627b4f6
> =>
> =>so far, so good, right?
> =>
> =>auth_pop still reports an auth failure.  so i added some extra logging to
> =>checkpassword.c and recompiled to make sure that auth_pop was correctly
> =>determining that the hash was MD5. it is:
> =>
> =>@400000003bc32f9a099d1904 ldap_get_extrainfo: userPassword:  {MD5}098f6bcd4621d373cade4e832627b4f6
> =>@400000003bc32f9a09a5815c cmp_passwd: encrypted: {MD5}098f6bcd4621d373cade4e832627b4f6, clear, test
> =>@400000003bc32f9a09a598cc cmp_passwd: processing as {MD5}
> =>@400000003bc32f9a09a5a09c cmp_passwd: {MD5} hashed = CY9rzUYh03PK3k6DJie09g==
> =>check_ldap: password compare was not successful
> =>
> =>i'm not comparing passwords via rebind, so i'm confused as to why this is
> =>failing.
> =>
> =>any ideas?
> =>
> =>thanks-
> =>
> =>dan
> =>
> =>
> 
> --
> | Stephen "Slepp" Olesen / VE6SLP
> | Edmonton, Alberta, Canada / (780) 425-4798
> | President of Geeks Anonymous + http://www.geeksanon.ca/
> +---------------------------------
> 
> 
> 
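
Added example, not part of the original messages: the log in the quoted post shows cmp_passwd computing `CY9rzUYh03PK3k6DJie09g==` while the directory held the 32-character hex string, because an {MD5} userPassword value is the base64 encoding of the raw 16-byte digest. The Python sketch below builds that value, converts md5sum output into it, and classifies a stored value; the function names are illustrative assumptions, not qmail-ldap or OpenLDAP code.

```python
import base64
import binascii
import hashlib
import hmac

SCHEME = "{MD5}"


def ldap_md5(password: str) -> str:
    """Build an {MD5} userPassword value: base64 of the raw 16-byte digest."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return SCHEME + base64.b64encode(digest).decode("ascii")


def from_md5sum_hex(hex_digest: str) -> str:
    """Convert md5sum's 32-character hex output into the {MD5} form."""
    raw = binascii.unhexlify(hex_digest.strip())
    if len(raw) != 16:
        raise ValueError("an MD5 digest is exactly 16 bytes")
    return SCHEME + base64.b64encode(raw).decode("ascii")


def diagnose(stored: str, clear: str) -> str:
    """Classify a stored userPassword value against a clear-text password."""
    if not stored.startswith(SCHEME):
        return "not-md5-scheme"
    body = stored[len(SCHEME):]
    expected = ldap_md5(clear)[len(SCHEME):]
    if hmac.compare_digest(body.encode(), expected.encode()):
        return "match"
    # The situation in the thread: hex text stored where base64 was expected.
    hex_text = hashlib.md5(clear.encode("utf-8")).hexdigest()
    if hmac.compare_digest(body.lower().encode(), hex_text.encode()):
        return "hex-digest-stored"
    return "mismatch"


if __name__ == "__main__":
    # Values taken from the quoted post: password "test" and its hex digest.
    print(ldap_md5("test"))
    print(from_md5sum_hex("098f6bcd4621d373cade4e832627b4f6"))
    print(diagnose("{MD5}098f6bcd4621d373cade4e832627b4f6", "test"))
```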
