On 7/7/05, Sam Tran <stlist at gmail.com> wrote:
> On 7/7/05, Rich Megginson <rmeggins at redhat.com> wrote:
> > Sam Tran wrote:
> > > On 7/7/05, Rich Megginson <rmeggins at redhat.com> wrote:
> > > > Sam Tran wrote:
> > > > > Hi all,
> > > > >
> > > > > I compiled FDS from the latest sources.
> > > > >
> > > > > I migrated a user entry from OpenLDAP to FDS as a test. For that user
> > > > > entry I tried different password hash schemes for the userPassword
> > > > > attribute and checked if it was successfully migrated to FDS. Here are
> > > > > the results:
> > > >
> > > > Did you run this script first -
> > > > http://www.directory.fedora.redhat.com/download/openLDAP2Fedora.pl
> > > > - to migrate the data that used MD5 passwords?
> > > >
> > > > > {CRYPT} --> OK
> > > > > {MD5} --> FAILED
> > > > > {SMD5} --> FAILED
> > > > > {MD5CRYPT} --> OK
> > > > > {SHA} --> OK
> > > > > {SSHA} --> OK
> > > > >
> > > > > I thought that FDS supported MD5 password hash. Did I miss something?
> > > >
> > > > Not sure. I would have expected {MD5} to work but not {MD5CRYPT}. See
> > > > above.
> > > >
> > > > > Thanks in advance.
> > > > >
> > > > > Sam
> > >
> > > You should not need to run this script to do the migration. This
> > > script just Base64 decodes the userPassword attribute and puts it in
> > > the form {HASH}xxxxxxxx. FDS apparently understands the Base64 encoded
> > > version of the password.
> > >
> > > For SHA, SSHA, CRYPT and MD5CRYPT I didn't use this script and the
> > > migration was successful. For MD5 I tried without and with the script:
> > > it was unsuccessful in both cases.
> >
> > This is really bizarre, because MD5CRYPT should not work at all - it is not
> > supported by FDS. The only thing I can think is that it is interpreting the
> > value as clear text.
> >
> > How did you verify that the migration was successful?
> >
> > > Sam
>
> I simply did a ldapsearch with a binddn:
> ./ldapsearch -h localhost -b "dc=example,dc=com" -D "uid=joesmith,ou=people,dc=example,dc=com" -w - "objectclass=*"

I created a new user in FDS with a password I generated using this Python
module: http://www.sabren.net/code/python/crypt/index.php3

The hash is MD5CRYPT. And it worked. Try for yourself. Don't forget to
prepend {CRYPT} to the generated password.

Sam
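
Added example, not part of the original thread and not FDS or OpenLDAP code: a Python sketch of the value handling the thread discusses, namely decoding a Base64 `userPassword::` LDIF value into the `{HASH}xxxxxxxx` form, telling an md5-crypt string under `{CRYPT}` apart from `{MD5}`/`{SMD5}`, and checking a candidate password offline before blaming the server. The function names and sample values are hypothetical, and it assumes the common Base64(digest followed by salt) layout for the salted schemes.

```python
import base64
import hashlib
import hmac
import re

# Digest algorithm and digest length for the hashed schemes named in the thread.
SCHEMES = {"MD5": ("md5", 16), "SMD5": ("md5", 16),
           "SHA": ("sha1", 20), "SSHA": ("sha1", 20)}

def decode_ldif_value(line):
    """Return the attribute value from one LDIF line; 'attr::' marks Base64."""
    _, _, value = line.partition(":")
    if value.startswith(":"):
        return base64.b64decode(value[1:].strip()).decode("ascii")
    return value.strip()

def classify(stored):
    """Return (scheme, detail) for a stored value of the form {HASH}xxxxxxxx."""
    m = re.match(r"\{([A-Za-z0-9]+)\}(.*)", stored)
    if not m:
        return ("CLEARTEXT", None)  # no recognisable {SCHEME} prefix
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme == "CRYPT":
        # "$1$" is the md5-crypt marker in crypt(3)-style strings
        return (scheme, "md5-crypt" if body.startswith("$1$") else "other crypt")
    return (scheme, None)

def encode(scheme, password, salt=b""):
    """Build a constructed sample value: Base64(digest || salt)."""
    algo, _ = SCHEMES[scheme]
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def verify(stored, password):
    """True/False for the four digest schemes; None for anything else."""
    scheme, _ = classify(stored)
    if scheme not in SCHEMES:
        return None
    algo, dlen = SCHEMES[scheme]
    raw = base64.b64decode(stored[len(scheme) + 2:])
    digest, salt = raw[:dlen], raw[dlen:]  # salt is empty for MD5 and SHA
    expected = hashlib.new(algo, password.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for s in (encode("SMD5", "secret", b"salt"), "{CRYPT}$1$abcdefgh$placeholder"):
        print(s, classify(s), verify(s, "secret"))
```

A value that verifies here but fails to bind after migration points at how the server stored or interpreted the attribute rather than at the hash itself.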