Jonathan Barber wrote: > On Mon, Dec 31, 2007 at 02:25:21PM +1100, Joel Heenan wrote: > >> Ok then so from my reading a bit more into how the Linux MD5 sum is >> calculated it seems that because it includes a salt and is otherwise >> mangled what I'm attempting to do is impossible and I'll need to get >> users to set passwords manually. Is this correct? >> > > Yes. > > If you want to postpone having to get your users to reset their > passwords, you could try the pam-passthru plugin: > http://cvs.fedoraproject.org/viewcvs/ldapserver/ldap/servers/plugins/pam_passthru/README?root=dirsec&rev=1.6&view=auto > > >> I was hoping that I could take the Linux PAM MD5 and plonk it inside >> Directory Server but this doesn't seem possible. Unless there is some >> plugin designed for this that understands Linux MD5? >> > > Not that I know of, but it shouldn't be that difficult to write using > the existing pwdstorage plugins as a starting point. > You might try the crypt format. On most linux platforms, system crypt uses MD5. > >> Thanks >> >> Joel >> >> >>> -----Original Message----- >>> From: fedora-directory-users-bounces at redhat.com >>> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf >>> Of Jonathan Barber >>> Sent: Monday, 24 December 2007 11:49 PM >>> To: General discussion list for the Fedora Directory server project. >>> Subject: Re: Migrating RHEL users to >>> Directory Server >>> >>> On Fri, Dec 21, 2007 at 01:51:30PM +1100, Joel Heenan wrote: >>> >>>> Fedora Directory Users, >>>> >>>> I have a bunch of users currently using local RHEL 4 local >>>> >>> unix user >>> >>>> accounts for their usernames and passwords and I would like >>>> >>> to migrate >>> >>>> them to Directory Server. My question concerns the MD5 sum password. >>>> >>>> I tried adding a user joeltest with password joeltest and I >>>> >>> got hash: >>> >>>> JqBiQXU4$gnJeKmNzXy.kaXUaBIygs0 >>>> >>>> from RHEL but I got hash: >>>> >>>> WGvQgGYUH2UOX2ZA1IQeyQ== >>>> >>> This value is the base64 encoded value of the md5 digest of >>> the password, and is the same as the md5 digest of "joeltest": >>> $ echo -n "joeltest" | openssl dgst -md5 -binary | openssl >>> base64 WGvQgGYUH2UOX2ZA1IQeyQ== $ >>> >>> Regards. >>> >>> >>>> >From Directory Server when I set the same password. >>>> >>>> I'm guessing this is to do with further encodings placed on the >>>> password hash. Hoping someone has done this before and can >>>> >>> point me in >>> >>>> the right direction? >>>> >>>> Thanks >>>> >>>> Joel >>>> >>> -- >>> Jonathan Barber >>> High Performance Computing Analyst >>> Tel. +44 (0) 1382 386389 >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >> The information contained in this e-mail message and any accompanying files is or may be confidential. If you are not the intended recipient, any use, dissemination, reliance, forwarding, printing or copying of this e-mail or any attached files is unauthorised. This e-mail is subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. If you have received this e-mail in error please advise the sender immediately by return e-mail or telephone and delete all copies. Fairfax does not guarantee the accuracy or completeness of any information contained in this e-mail or attached files. Internet communications are not secure, therefore Fairfax does not accept legal responsibility for the contents of this message or attached files. >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20080103/603358ec/attachment.bin
