Theunis De Klerk wrote:
Were these applications that pre-hashed the SSHA passwords, then sent the pre-hashed SSHA password to the server, when adding a user or modifying the password? If so, then it could be that the legacy SSHA handling was broken.Here is an example of the perl code I used to create the password. <snip> my $password = 'thepassword'; use Digest::SHA1; use MIME::Base64; my $ctx = Digest::SHA1->new; $ctx->add($password); $ctx->add('salt'); my $hashedPasswd = '{SSHA}' . encode_base64($ctx->digest . 'salt' ,''); </snip> i.e: the way not to do it.
thanks - https://bugzilla.redhat.com/show_bug.cgi?id=518520
-- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
<<attachment: smime.p7s>>
-- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
