On Mon, Sep 18, 2000 at 04:43:21PM -0500, Kelli Wolfe wrote:
> Which if I'm understanding correctly, is supposed to be
> MD5 because of the $1$ in the salt portion...? What I'm
> trying to do is put MD5 passwords in my LDAP directory,
> but I can't find a true MD5 password.
This is confusing and probably ought to be a FAQ somewhere (or maybe it
is, and I missed it). In this case, you want to just copy and paste
the passwords from shadow and prepend a {crypt}, even though this is
an MD5 password. For some reason, there's a difference in the MD5 that
LDAP natively recognizes and the MD5 that glibc uses, so you can import
and use {md5}. But what happens with {crypt} is that LDAP passes the
password to the system crypt(), which recognizes it as an MD5 password
and deals with it appropriately. And of course, this is all well and
good provided that all the systems you're providing authentication to
use glibc and pam or at any rate support this scheme of MD5 passwords.
Wil
--
W. Reilly Cooley wcooley@nakedape.cc
Naked Ape Consulting http://nakedape.cc
LNXS: Linux/GNU for servers, networks, and http://lnxs.org
people who take care of them. *Now with integrated crypto!*
irc.openprojects.net #lnxs
The verdict of a jury is the a priori opinion of that juror who smokes
the worst cigars.
-- H. L. Mencken
