07-15-2014
How to make ldappasswd use {SHA} instead of {SSHA} for users' passwords in OpenLDAP?
Is it possible to use {SHA} with ldappasswd? I didn't find the responsible option in the manual page and doc.
slappasswd
SLAPPASSWD(8C) SLAPPASSWD(8C)
NAME
slappasswd - OpenLDAP password utility
SYNOPSIS
/usr/sbin/slappasswd [-v] [-u] [-s secret|-T file] [-h hash] [-c salt-format]
DESCRIPTION
Slappasswd is used to generate a userPassword value suitable for use with ldapmodify(1) or the slapd.conf(5) rootpw configuration directive.
OPTIONS
-v enable verbose mode.
-u Generate RFC 2307 userPassword values (the default). Future versions of this program may generate alternative syntaxes by default.
This option is provided for forward compatibility.
-s secret
The secret to hash. If this and -T are absent, the user will be prompted for the secret to hash. -s and -T are mutually exclusive flags.
-T file
Hash the contents of the file. If this and -s are absent, the user will be prompted for the secret to hash. -s and -T are mutually exclusive flags.
-h scheme
If -h is specified, one of the following RFC 2307 schemes may be specified: {CRYPT}, {MD5}, {SMD5}, {SSHA}, and {SHA}. The default
is {SSHA}.
{SHA} and {SSHA} use the SHA-1 algorithm (FIPS 160-1), the latter with a seed.
{MD5} and {SMD5} use the MD5 algorithm (RFC 1321), the latter with a seed.
{CRYPT} uses crypt(3).
{CLEARTEXT} indicates that the new password should be added to userPassword as clear text.
-c crypt-salt-format
Specify the format of the salt passed to crypt(3) when generating {CRYPT} passwords. This string needs to be in sprintf(3) format
and may include one (and only one) %s conversion. This conversion will be substituted with a string of random characters from
[A-Za-z0-9./]. For example, "%.2s" provides a two character salt and "$1$%.8s" tells some versions of crypt(3) to use an MD5
algorithm and provides 8 random characters of salt. The default is "%s", which provides 31 characters of salt.
LIMITATIONS
The practice of storing hashed passwords in userPassword violates Standard Track (RFC 2256) schema specifications and may hinder
interoperability. A new attribute type, authPassword, to hold hashed passwords has been defined (RFC 3112), but is not yet implemented in slapd(8).
SECURITY CONSIDERATIONS
Use of hashed passwords does not protect passwords during protocol transfer. TLS or other eavesdropping protections should be in place
before using LDAP simple bind. The hashed password values should be protected as if they were clear text passwords.
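The difference between the {SHA} and {SSHA} schemes listed under -h, and why stored values need protecting, is easiest to see by building both by hand. The following is an added example, not part of the manual page or of OpenLDAP: it constructs RFC 2307 style values with the Python standard library, verifies them, and shows that unseeded {SHA} values are identical for identical passwords. The function names, the sample directory and the 4-byte seed length are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import os

def make_sha(password: bytes) -> str:
    # {SHA}: base64 of the bare SHA-1 digest; no seed, so output is deterministic
    return "{SHA}" + base64.b64encode(hashlib.sha1(password).digest()).decode()

def make_ssha(password: bytes, salt: bytes = b"") -> str:
    # {SSHA}: base64 of SHA-1(password + seed) with the seed appended after it
    salt = salt or os.urandom(4)  # 4-byte seed is an assumption of this sketch
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify(password: bytes, stored: str) -> bool:
    # Split "{SCHEME}base64" and recompute the digest with the stored seed
    scheme, sep, b64 = stored.partition("}")
    scheme = scheme.upper() + sep
    if scheme not in ("{SHA}", "{SSHA}"):
        raise ValueError("unsupported scheme: " + scheme)
    raw = base64.b64decode(b64, validate=True)
    digest, salt = raw[:20], raw[20:]  # SHA-1 digests are 20 bytes
    if len(digest) != 20 or bool(salt) != (scheme == "{SSHA}"):
        return False  # truncated value, or seed present/absent for the scheme
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)

def reused_values(entries: dict) -> dict:
    # Audit helper: stored values shared by more than one entry
    groups = {}
    for uid, value in entries.items():
        groups.setdefault(value, []).append(uid)
    return {v: sorted(u) for v, u in groups.items() if len(u) > 1}

# Constructed sample directory: alice and bob chose the same password
SAMPLE = {"alice": b"secret", "bob": b"secret", "carol": b"other"}
SHA_DIR = {uid: make_sha(pw) for uid, pw in SAMPLE.items()}
SSHA_DIR = {uid: make_ssha(pw) for uid, pw in SAMPLE.items()}

if __name__ == "__main__":
    print(SHA_DIR["alice"])
    print(reused_values(SHA_DIR))
    print(reused_values(SSHA_DIR))
    print(verify(b"secret", SSHA_DIR["bob"]))
```

With {SHA}, the audit helper groups alice and bob under one value; with {SSHA} each entry carries its own seed, so the same password yields different stored values.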
SEE ALSO
ldappasswd(1), ldapmodify(1), slapd(8), slapd.conf(5), RFC 2307, RFC 2256, RFC 3112
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
ACKNOWLEDGEMENTS
OpenLDAP is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). OpenLDAP is derived from University of Michigan
LDAP 3.3 Release.
OpenLDAP 2.1.X RELEASEDATE SLAPPASSWD(8C)