Sam Tran wrote:

Ah hah. That's why it works. But in FDS, {CRYPT} is not the same as MD5 crypt - FDS crypt uses the old unix crypt that used to be the standard for Solaris /etc/passwd and /etc/shadow (and other OSes).

On 7/7/05, Sam Tran <stlist@xxxxxxxxx> wrote:
On 7/7/05, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
Sam Tran wrote:
On 7/7/05, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
Sam Tran wrote:

Hi all,

I compiled FDS from the latest sources. I migrated a user entry from OpenLDAP to FDS as a test. For that user entry I tried different password hash schemes for the userPassword attribute and checked if it was successfully migrated to FDS. Here are the results:

Did you run this script first - http://www.directory.fedora.redhat.com/download/openLDAP2Fedora.pl - to migrate the data that used MD5 passwords?

{CRYPT} --> OK
{MD5} --> FAILED
{SMD5} --> FAILED
{MD5CRYPT} --> OK
{SHA} --> OK
{SSHA} --> OK

I thought that FDS supported MD5 password hash. Did I miss something?

Not sure. I would have expected {MD5} to work but not {MD5CRYPT}. See above.

Thanks in advance.

Sam

You should not need to run this script to do the migration. This script just Base64 decodes the userPassword attribute and puts it in the form {HASH}xxxxxxxx. FDS apparently understands the Base64 encoded version of the password. For SHA, SSHA, CRYPT and MD5CRYPT I didn't use this script and the migration was successful. For MD5 I tried without and with the script: it was unsuccessful in both cases.

This is really bizarre, because MD5CRYPT should not work at all - it is not supported by FDS. The only thing I can think is that it is interpreting the value as clear text. How did you verify that the migration was successful?

Sam

I simply did an ldapsearch with a binddn:

./ldapsearch -h localhost -b "dc=example,dc=com" -D "uid=joesmith,ou=people,dc=example,dc=com" -w - "objectclass=*"

I created a new user in FDS with a password I generated using this python module: http://www.sabren.net/code/python/crypt/index.php3

The hash is MD5CRYPT. And it worked. Try for yourself. Don't forget to prepend {CRYPT} to the generated password.

dirving, any clues as to why {MD5} doesn't work?

Sam
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
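
An added example, not code from this thread or from the FDS or OpenLDAP projects: a pre-migration check that reads userPassword lines from LDIF (literal or Base64-encoded, as discussed above), reports which storage scheme each value uses, tells an MD5-crypt body from a 13-character crypt body under {CRYPT}, and verifies {MD5}, {SMD5}, {SHA} and {SSHA} values. It assumes the usual Base64(digest + salt) layout for those four schemes; all function names and the sample values are made up for illustration.

```python
import base64
import hashlib
import hmac
import re

# (hashlib name, digest size); bytes after the digest are the salt.
DIGESTS = {"MD5": ("md5", 16), "SMD5": ("md5", 16),
           "SHA": ("sha1", 20), "SSHA": ("sha1", 20)}
SCHEME_RE = re.compile(r"\{([A-Za-z0-9]+)\}(.*)$")

# Constructed sample values; the two {CRYPT} bodies are shape-only placeholders.
SAMPLES = [
    "userPassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=",          # SHA-1 of "password"
    "userPassword: {CRYPT}$1$abcdefgh$XXXXXXXXXXXXXXXXXXXXXX",  # MD5-crypt shape
    "userPassword: {CRYPT}abXXXXXXXXXXX",                        # 13-char crypt shape
]

def parse_ldif_password(line):
    """Return '{SCHEME}value' from a userPassword LDIF line.
    'userPassword:: x' carries Base64 of the whole value, 'userPassword: x' is literal."""
    name, sep, rest = line.partition(":")
    if not sep or name.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("ascii")
    return rest.strip()

def classify(value):
    """Name the scheme; for {CRYPT}, also say which crypt(3) format is inside."""
    m = SCHEME_RE.match(value)
    if not m:
        return "cleartext"
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme != "CRYPT":
        return scheme
    if body.startswith("$1$"):
        return "CRYPT/md5-crypt"
    return "CRYPT/traditional" if len(body) == 13 else "CRYPT/other"

def verify(value, password):
    """Check password against {MD5}/{SMD5}/{SHA}/{SSHA}; None for other schemes."""
    m = SCHEME_RE.match(value)
    if not m or m.group(1).upper() not in DIGESTS:
        return None
    algo, size = DIGESTS[m.group(1).upper()]
    raw = base64.b64decode(m.group(2))
    digest, salt = raw[:size], raw[size:]
    expected = hashlib.new(algo, password.encode() + salt).digest()
    return hmac.compare_digest(expected, digest)
```

Running classify over an export before import shows which entries depend on the target server's crypt(3) handling rather than on a digest scheme that can be checked independently.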