Exporting MD5 Hash from FD-DS into/etc/shadow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I had some time to play with this. I do not believe it can be done
easily unless another password storage mechanism is made as a plug-in. 

The GNU-MD5 password format for /etc/shadow I believe is:

$1$, followed by an 8 character salt, $, 22 character hash.

Seems like something that could be very useful though. I have some
servers in which are considered super 'production' not in LDAP but liked
to export users from LDAP to make /etc/passwd/shadows.



- Dennis




-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Howard
Chu
Sent: Wednesday, April 19, 2006 4:05 PM
To: fedora-directory-users at redhat.com
Subject: Re: Exporting MD5 Hash from FD-DS
into/etc/shadow

fedora-directory-users-request at redhat.com wrote:
> Date: Tue, 18 Apr 2006 20:14:31 +0300
> From: Mike Jackson <mj at sci.fi>
>
> dennis at demarco.com wrote:
>   
>> I would like to export the MD5 hash from the Fedora directory user's 
>> password attribute into /etc/shadow of a Linux machine not in LDAP 
>> (Redhat).
>>
>> It appears this isn't working, is there a way for me to do this? Not
all 
>> machines are using ldap but I would like to export from ldap.
>>     
>
>
> Hi,
>   I haven't tried this, but here's an idea just off the top of my head

> which _might_ work:
>
>
> 1. take away the {MD5} from the string
>
> 2. base64 decode the rest of the string
>
> 3. convert the string to hex
>
> 4. put the $1$ at the front of the hex string
>
> 5. put the whole string into the password field in /etc/shadow and
test
>
>
> If that works, you could write a perl script to automate the
procedure. 
> And report back to the list as well :-)
>
>   
No, the password field is not in hex, it uses the same 6-bit encoding 
that DES crypt() uses, which is different from base64. base64 uses the 
characters [A-Z][a-z][0-9]+/ while crypt uses the characters 
./[0-9][A-Z][a-z] (in those exact orders).

--
  -- Howard Chu
 Chief Architect, Symas Corp.   http://www.symas.com
 Director, Highland Sun   http://highlandsun.com/hyc
 OpenLDAP Core Team  http://www.openldap.org/project/

--
Fedora-directory-users mailing list
Fedora-directory-users at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

This message (including any attachments) 
contains confidential information intended for a 
specific individual and purpose, and is protected 
by law.  If you are not the intended recipient, you 
should delete this message.  Any disclosure, 
copying, or distribution of this message, or the 
taking of any action based on it, is strictly 
prohibited.




[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux