- Community Home
- >
- Servers and Operating Systems
- >
- Legacy
- >
- Operating System - Tru64 Unix
- >
- Re: LDAP support for different password hashes
Operating System - Tru64 Unix
1753516
Members
5225
Online
108795
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-23-2008 10:55 AM
тАО11-23-2008 10:55 AM
I'm wondering if ldapcd on Tru64 5.1B (we run PK6) has any support for password hashes other than crypt. It's a minor irritation to us that we have to keep all our passwords in crypt format rather than something slightly more secure...
(I know we can use different hashes when running enhanced security, but here I am just talking about basic security with an ldap accounts backend - we need compatibility with other OSes).
I haven't seen anything documented, but running "strings" against /usr/sbin/ldapcd does bring up an occurrence of "{SHA}". Does this imply it might work? My casual attempt to have it work, didn't. But someone here is certain to know more!
Thanks for any feedback,
Graham
(I know we can use different hashes when running enhanced security, but here I am just talking about basic security with an ldap accounts backend - we need compatibility with other OSes).
I haven't seen anything documented, but running "strings" against /usr/sbin/ldapcd does bring up an occurrence of "{SHA}". Does this imply it might work? My casual attempt to have it work, didn't. But someone here is certain to know more!
Thanks for any feedback,
Graham
Solved! Go to Solution.
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-24-2008 09:51 AM
тАО11-24-2008 09:51 AM
Solution
Looking at the source code, there is a check if the encrypted password length is 28 characters the ldap SIA mechanism assumes that the password is encrypted using SHA with base64 encoding. But, I'm pretty sure this is in a section of code that is not used. I don't see a way for creating the SHA encrypted passwords in the ldap mechanism, either. So it's probably just a leftover reference from a possible feature that was never developed. I could find no references in the documentation that this feature is allowed either.
Ann
Ann
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-24-2008 10:35 AM
тАО11-24-2008 10:35 AM
Re: LDAP support for different password hashes
Thanks for checking the source code for me! It's too bad that the code is "almost there" but can't be used, but I guess this is something very unlikely to get changed at this point in time, since it has never been advertised as working. I guess we could check into using SHA only for users who don't need to access Tru64...
Getting the hashes into LDAP wouldn't be much of a problem since we tend to use external tools to manage the directory (in our case https://gna.org/projects/smbldap-tools/)
Getting the hashes into LDAP wouldn't be much of a problem since we tend to use external tools to manage the directory (in our case https://gna.org/projects/smbldap-tools/)
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP