Re: Help to understand pre-hashed login

Hi, 
Although Marc is right, I do not think it will help you:
  You can generate the hash with pwdhash, then store the hashed value in userpassword.
  But you still need to use the clear password to authenticate.
If using the hashed value were enough to authenticate, it would nullify the interest of the hash (because the hashed value would not protect more than using the clear value).

IMHO if the application is running on the server, the easiest way is to use ldapi (i.e. a named socket) because no password is needed if the application has the right to open the socket.

Otherwise strong authentication could be used but that is more painful to handle on the application side.
A last method is to use reversible encryption to store an encrypted password and let the application decode it (as ds389 does with the replication agreement password) 
  but the issue is then to protect the encryption key ... 

Regards,
  Pierre


On Mon, Jan 3, 2022 at 8:15 PM Marc Sauton <msauton@xxxxxxxxxx> wrote:
You can use the pwdhash command to generate some pre-hashed passwords, and then add them to the configurations or into the users' entries:
man pwdhash
pwdhash -s SSHA512 pasword
{SSHA512}JnzerkmYXKEuMcv...snip...
Thanks,
M.

On Thu, Dec 30, 2021 at 4:05 AM Caderize Caderize <caderize@xxxxxxxxx> wrote:
Hello everyone,
I am writing a small PHP application in order to manage D389 users.
Currently, in order to connect to it, I saved the admin password in clear text in a config.php file, just for test.

Now I would move these settings into a MySQL database and hash the password for security reasons, probably sha1 or sha256 with salt (will see).
The application should retrieve credentials from the MySQL db (which will be a salted hashed password "{SHA}xxxxxxxxxxxx") and try to connect to D389.

My question is: Can D389 authenticate if I pass it a pre-hashed password?
Is there any documentation or example to follow?

Hope this question will not be considered as stupid.

Many Thanks
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure


--
--

389 Directory Server Development Team
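
The point made in the reply above (a pre-hashed value can be stored, but the bind still needs the clear password) is illustrated by the following added example, which is not part of the thread and is not 389 Directory Server code. It models the usual LDAP salted scheme, base64(SHA-512(password || salt) || salt) behind a {SSHA512} tag; the password, the salt and the 8-byte salt length are constructed assumptions.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA512}"
DIGEST_LEN = hashlib.sha512().digest_size  # 64 bytes


def make_ssha512(cleartext, salt=None):
    """Build a stored value: tag + base64(SHA-512(password || salt) || salt)."""
    if salt is None:
        salt = os.urandom(8)  # assumed salt length; verification does not depend on it
    digest = hashlib.sha512(cleartext.encode() + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode()


def server_verify(stored, presented):
    """Model of a simple bind: the server hashes whatever bytes the client presents."""
    if not stored.startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:
        return False
    if len(raw) <= DIGEST_LEN:
        return False  # no salt present, not a salted value
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha512(presented.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


def demo():
    # Constructed sample data: the value an admin would place in userPassword.
    stored = make_ssha512("Secret123", salt=b"\x01\x02\x03\x04\x05\x06\x07\x08")
    return {
        "bind_with_cleartext": server_verify(stored, "Secret123"),
        # The application sends the hash string it kept in its own database:
        # the server hashes that string again, so the comparison fails.
        "bind_with_stored_hash": server_verify(stored, stored),
        "bind_with_wrong_password": server_verify(stored, "secret123"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

Only the first case is accepted, so an application that keeps nothing but the hash cannot bind with it, which is why the reply points to ldapi or strong authentication instead.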