fedora-directory-users-request at redhat.com wrote:
> Date: Tue, 18 Apr 2006 20:14:31 +0300
> From: Mike Jackson <mj at sci.fi>
>
> dennis at demarco.com wrote:
>
>> I would like to export the MD5 hash from the Fedora directory user's
>> password attribute into /etc/shadow of a Linux machine not in LDAP
>> (Redhat).
>>
>> It appears this isn't working, is there a way for me to do this? Not all
>> machines are using ldap but I would like to export from ldap.
>>
>
>
> Hi,
> I haven't tried this, but here's an idea just off the top of my head
> which _might_ work:
>
>
> 1. take away the {MD5} from the string
>
> 2. base64 decode the rest of the string
>
> 3. convert the string to hex
>
> 4. put the $1$ at the front of the hex string
>
> 5. put the whole string into the password field in /etc/shadow and test
>
>
> If that works, you could write a perl script to automate the procedure.
> And report back to the list as well :-)
>
>
No, the password field is not in hex, it uses the same 6-bit encoding
that DES crypt() uses, which is different from base64. base64 uses the
characters [A-Z][a-z][0-9]+/ while crypt uses the characters
./[0-9][A-Z][a-z] (in those exact orders).
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
