On 10/8/10 3:43 PM, Jason Russler wrote:
So if you currently have
$1$PzZV2WYK$Asd3JtTFOwR3JnNTPjxDq/
in /etc/shadow, you can try
{MD5}PzZV2WYK$Asd3JtTFOwR3JnNTPjxDq/
As your example hash is salted, it should be:
{SMD5}PzZV2WYK$Asd3JtTFOwR3JnNTPjxDq/
This isn't going to work. I think Apache DS uses a different sized
salt for SMD5 than a typical shadow file - either that or a larger
resultant hash value. Ah, well, I suppose I can use the "migrate"
feature of the pam_ldap module. Too bad, Apache DS appears to be a
lot easier to deal with (in every other respect) than the other LDAP
systems I've dealt with. I'm very new to it....
FYI, we are using the Java MessageDigest class to encode the password
in Studio, and we assume in the server that the salt is 8 bytes long:
    ...
    int algoLength = encryptionMethod.algorithm.getName().length() + 2;
    ...
    case HASH_METHOD_SMD5:
        try
        {
            // The password is associated with a salt. Decompose it
            // in two parts, after having decoded the password.
            // The salt will be stored into the EncryptionMethod structure
            // The salt is at the end of the credentials, and is 8 bytes long
            byte[] passwordAndSalt = Base64.decode( new String( credentials, algoLength,
                credentials.length - algoLength, "UTF-8" ).toCharArray() );
            int saltLength = passwordAndSalt.length - MD5_LENGTH;
            encryptionMethod.salt = new byte[saltLength];
            byte[] password = new byte[MD5_LENGTH];
            split( passwordAndSalt, 0, password, encryptionMethod.salt );
            return password;
        }
Here, algoLength is the length for the string "{SMD5}" or whatever
algorithm you used.
However, you should *not* use MD5 as it's considered broken...
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
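
An added example, not part of the original message and not ApacheDS code: a self-contained Java sketch of the layout the excerpt above parses, "{SMD5}" followed by base64 of a 16-byte MD5 digest with the salt appended, which also shows why the relabelled shadow string from the thread is rejected. The class name, password and salt are constructed, and computing the digest as MD5(password || salt) is the usual LDAP convention, assumed here because the page does not show that step.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

public class Smd5Check {                       // hypothetical class name
    static final int MD5_LENGTH = 16;
    static final String PREFIX = "{SMD5}";

    // Assumption: digest = MD5(password || salt), the usual LDAP convention.
    static byte[] digest(String password, byte[] salt) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        md.update(password.getBytes(StandardCharsets.UTF_8));
        md.update(salt);
        return md.digest();
    }

    // Builds "{SMD5}" + base64(digest || salt): the salt sits after the digest.
    static String encode(String password, byte[] salt) throws Exception {
        byte[] out = Arrays.copyOf(digest(password, salt), MD5_LENGTH + salt.length);
        System.arraycopy(salt, 0, out, MD5_LENGTH, salt.length);
        return PREFIX + Base64.getEncoder().encodeToString(out);
    }

    // Returns false for a malformed stored value as well as for a wrong password.
    static boolean verify(String stored, String password) throws Exception {
        if (!stored.startsWith(PREFIX)) return false;
        byte[] digestAndSalt;
        try {
            digestAndSalt = Base64.getDecoder().decode(stored.substring(PREFIX.length()));
        } catch (IllegalArgumentException e) {
            return false;                       // not base64, e.g. contains '$'
        }
        if (digestAndSalt.length <= MD5_LENGTH) return false;   // no salt present
        byte[] stored16 = Arrays.copyOfRange(digestAndSalt, 0, MD5_LENGTH);
        byte[] salt = Arrays.copyOfRange(digestAndSalt, MD5_LENGTH, digestAndSalt.length);
        return MessageDigest.isEqual(stored16, digest(password, salt));
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = "8bytesal".getBytes(StandardCharsets.US_ASCII); // constructed salt
        String stored = encode("secret", salt);                       // constructed password
        System.out.println(stored + " ok=" + verify(stored, "secret")
                + " wrong=" + verify(stored, "wrong"));
        // The shadow value from the thread with only its prefix swapped: the '$'
        // separating crypt's salt and hash is not a base64 character.
        System.out.println(verify("{SMD5}PzZV2WYK$Asd3JtTFOwR3JnNTPjxDq/", "secret"));
    }
}
```

The `$1$` shadow format is md5-crypt, an iterated construction with its own 64-character encoding, so no change of prefix turns it into a plain salted MD5 value.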