Sam Tran wrote: >On 7/7/05, Sam Tran <stlist at gmail.com> wrote: > > >>On 7/7/05, Rich Megginson <rmeggins at redhat.com> wrote: >> >> >>> Sam Tran wrote: >>> On 7/7/05, Rich Megginson <rmeggins at redhat.com> wrote: >>> >>> >>> Sam Tran wrote: >>> >>> >>> >>> Hi all, >>> >>>I compiled FDS from the latest sources. >>> >>>I migrated a user entry from OpenLDAP to FDS as a test. For that user >>>entry I tried different password hash schemes for the userPassword >>>attribute and checked if it was successfully migrated to FDS. Here are >>>the results: >>> >>> >>> >>> Did you run this script first - >>>http://www.directory.fedora.redhat.com/download/openLDAP2Fedora.pl >>>- to >>>migrate the data that used MD5 passwords? >>> >>> >>> >>> {CRYPT} --> OK >>>(MD5} --> FAILED >>>{SMD5} --> FAILED >>>{MD5CRYPT} --> OK >>>{SHA} --> OK >>>{SSHA} --> OK >>> >>>I thought that FDS supported MD5 password hash. Did I miss something? >>> >>> >>> >>> Not sure. I would have expected {MD5} to work but not {MD5CRYPT}. See >>>above. >>> >>> >>> >>> Thanks in advance. >>> >>>Sam >>> >>> >>> You should not need to run this script to do the migration. This >>>script just Base64 decodes the userPassword attribute and puts it in >>>the form {HASH}xxxxxxxx. FDS apparently understands the Base64 encoded >>>version of the password. >>> >>>For SHA, SSHA, CRYPT and MD5CRYPT I didn't use this script and the >>>migration was successful. For MD5 I tried without and with the script: >>>it was unsuccessful in both cases. >>> >>> This is really bizarre, because MD5CRYPT should not work at all - it is not >>>supported by FDS. The only thing I can think is that it is interpreting the >>>value as clear text. >>> >>> How did you verify that the migration was successful? >>> >>> Sam >>> >>> >>> >>I simply did a ldapsearch with a binddn: >>./ldapsearch -h localhost -b "dc=example,dc=com" -D >>"uid=joesmith,ou=people,dc=example,dc=com" -w - "objectclass=*" >> >> > >I create a new user in FDS with a password I generated using this python module: >http://www.sabren.net/code/python/crypt/index.php3 > >The hash is MD5CRYPT. And it worked. > >Try for yourself. > >Don't forget to prepend {CRYPT} to the generated password. > > Ah hah. That's why it works. But in FDS, {CRYPT} is not the same as MD5 crypt - FDS crypt uses the old unix crypt that used to be the standard for Solaris /etc/passwd and /etc/shadow (and other OSes). dirving, any clues as to why {MD5} doesn't work? >Sam > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20050707/2c30955d/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20050707/2c30955d/attachment.bin
