Sam Tran wrote: >On 7/7/05, Rich Megginson <rmeggins at redhat.com> wrote: > > >>Sam Tran wrote: >> >> >> >>>Hi all, >>> >>>I compiled FDS from the latest sources. >>> >>>I migrated a user entry from OpenLDAP to FDS as a test. For that user >>>entry I tried different password hash schemes for the userPassword >>>attribute and checked if it was successfully migrated to FDS. Here are >>>the results: >>> >>> >>> >>> >>Did you run this script first - >>http://www.directory.fedora.redhat.com/download/openLDAP2Fedora.pl - to >>migrate the data that used MD5 passwords? >> >> >> >>>{CRYPT} --> OK >>>(MD5} --> FAILED >>>{SMD5} --> FAILED >>>{MD5CRYPT} --> OK >>>{SHA} --> OK >>>{SSHA} --> OK >>> >>>I thought that FDS supported MD5 password hash. Did I miss something? >>> >>> >>> >>> >>Not sure. I would have expected {MD5} to work but not {MD5CRYPT}. See >>above. >> >> >> >>>Thanks in advance. >>> >>>Sam >>> >>> >>> > >You should not need to run this script to do the migration. This >script just Base64 decodes the userPassword attribute and puts it in >the form {HASH}xxxxxxxx. FDS apparently understands the Base64 encoded >version of the password. > >For SHA, SSHA, CRYPT and MD5CRYPT I didn't use this script and the >migration was successful. For MD5 I tried without and with the script: >it was unsuccessful in both cases. > > This is really bizarre, because MD5CRYPT should not work at all - it is not supported by FDS. The only thing I can think is that it is interpreting the value as clear text. How did you verify that the migration was successful? >Sam > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20050707/7add040c/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20050707/7add040c/attachment.bin
