I had some time to play with this. I do not believe it can be done easily unless another password storage mechanism is made as a plug-in.

The GNU-MD5 password format for /etc/shadow I believe is: $1$, followed by an 8 character salt, $, 22 character hash.

Seems like something that could be very useful though. I have some servers which are considered super 'production' and are not in LDAP, but I would like to export users from LDAP to make /etc/passwd/shadows.

- Dennis

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Howard Chu
Sent: Wednesday, April 19, 2006 4:05 PM
To: fedora-directory-users at redhat.com
Subject: Re: Exporting MD5 Hash from FD-DS into/etc/shadow

fedora-directory-users-request at redhat.com wrote:
> Date: Tue, 18 Apr 2006 20:14:31 +0300
> From: Mike Jackson <mj at sci.fi>
>
> dennis at demarco.com wrote:
>
>> I would like to export the MD5 hash from the Fedora directory user's
>> password attribute into /etc/shadow of a Linux machine not in LDAP
>> (Redhat).
>>
>> It appears this isn't working, is there a way for me to do this? Not all
>> machines are using ldap but I would like to export from ldap.
>>
>
> Hi,
> I haven't tried this, but here's an idea just off the top of my head
> which _might_ work:
>
> 1. take away the {MD5} from the string
>
> 2. base64 decode the rest of the string
>
> 3. convert the string to hex
>
> 4. put the $1$ at the front of the hex string
>
> 5. put the whole string into the password field in /etc/shadow and test
>
> If that works, you could write a perl script to automate the procedure.
> And report back to the list as well :-)
>

No, the password field is not in hex, it uses the same 6-bit encoding
that DES crypt() uses, which is different from base64. base64 uses the
characters [A-Z][a-z][0-9]+/ while crypt uses the characters
./[0-9][A-Z][a-z] (in those exact orders).

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/
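
The format mismatch discussed in this thread, as an added Python example (not code from any of the posters): it decodes an LDAP `{MD5}` value, builds the hex string from the quoted steps and a version re-encoded in crypt's alphabet, and compares both with a real `$1$` entry, which is salted and iterated and so can only be computed from the cleartext. The function names, the password `password` and the salt `xxxxxxxx` are constructed for illustration.

```python
import base64, hashlib

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def ldap_md5_digest(value: str) -> bytes:
    """Steps 1-2 of the quoted idea: drop {MD5}, base64-decode to the raw digest."""
    if not value.upper().startswith("{MD5}"):
        raise ValueError("not an {MD5} value")
    digest = base64.b64decode(value[5:], validate=True)
    if len(digest) != 16:
        raise ValueError("MD5 digest must be 16 bytes")
    return digest

def crypt64(d: bytes) -> str:
    """22-char md5-crypt encoding: permuted bytes, 6 bits at a time, low bits first."""
    groups = [(d[a] << 16 | d[b] << 8 | d[c], 4)
              for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))]
    out = ""
    for v, n in groups + [(d[11], 2)]:
        for _ in range(n):
            out += ITOA64[v & 0x3F]
            v >>= 6
    return out

def md5_crypt(pw: bytes, salt: bytes) -> str:
    """The $1$ scheme: salted and iterated 1000 times, unlike LDAP's plain {MD5}."""
    alt = hashlib.md5(pw + salt + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + salt)
    for left in range(len(pw), 0, -16):
        ctx.update(alt[:min(left, 16)])
    n = len(pw)
    while n:
        ctx.update(b"\0" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(salt)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    return "$1$" + salt.decode() + "$" + crypt64(final)

# Constructed sample: what a directory would hold for the password "password".
SAMPLE = "{MD5}" + base64.b64encode(hashlib.md5(b"password").digest()).decode()

def candidates(ldap_value: str, salt: bytes = b"xxxxxxxx") -> dict:
    d = ldap_md5_digest(ldap_value)
    return {"hex_idea": "$1$" + d.hex(),                            # steps 3-4 as quoted
            "reencoded": "$1$" + salt.decode() + "$" + crypt64(d),  # right alphabet only
            "real": md5_crypt(b"password", salt)}                   # needs the cleartext
```

`candidates(SAMPLE)` returns three different strings; only `real` would verify against a `$1$` shadow entry, and computing it requires the cleartext password, which the directory's `{MD5}` value does not contain.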