On Fri, Oct 8, 2010 at 3:43 PM, Jason Russler <[email protected]> wrote: > >>> >>> So if you currently have >>> $1$PzZV2WYK$Asd3JtTFOwR3JnNTPjxDq/ >>> in /etc/shadow, you can try >>> {MD5}PzZV2WYK$Asd3JtTFOwR3JnNTPjxDq/ >> >> As your example hash is salted, it should be: >> {SMD5}PzZV2WYK$Asd3JtTFOwR3JnNTPjxDq/ > > This isn't going to work. I think Apache DS uses a different sized salt for > SMD5 than a typical shadow file - either that or a larger resultant hash > value. Ah, well, I suppose I can use the "migrate" feature of the pam_ldap > module. Too bad, Apache DS appears to be a lot easier to deal with (in > every other respect) than the other LDAP systems I've dealt with. I've very > new to it....
Im using OpenLDAP (slapd) and they support shadow hashes at least for MD5,SMD5,SHA1,SSHA1. You just need to put the correct tag in front of your [salted] hash value from /etc/shadow before saving it to userPassword attribute. Regards, Linus
