How to make ldappasswd use {SHA} instead of {SSHA} for users passwords in openldap?
Post 302910230 by slashdotweenie on Wednesday 23rd of July 2014 07:19:48 AM
07-23-2014

Please post your slapd.conf

SLAPPASSWD(8)                System Manager's Manual                SLAPPASSWD(8)

NAME
       slappasswd - OpenLDAP password utility

SYNOPSIS
       /usr/sbin/slappasswd [-v] [-u] [-g|-s secret|-T file] [-h hash] [-c salt-format] [-n]

DESCRIPTION
       Slappasswd is used to generate a userPassword value suitable for use with ldapmodify(1), slapd.conf(5) rootpw configuration directive or the slapd-config(5) olcRootPW configuration directive.

OPTIONS
       -v     enable verbose mode.

       -u     Generate RFC 2307 userPassword values (the default). Future versions of this program may generate alternative syntaxes by default. This option is provided for forward compatibility.

       -s secret
              The secret to hash. If this, -g and -T are absent, the user will be prompted for the secret to hash. -s, -g and -T are mutually exclusive flags.

       -g     Generate the secret. If this, -s and -T are absent, the user will be prompted for the secret to hash. -s, -g and -T are mutually exclusive flags. If this is present, {CLEARTEXT} is used as scheme. -g and -h are mutually exclusive flags.

       -T "file"
              Hash the contents of the file. If this, -g and -s are absent, the user will be prompted for the secret to hash. -s, -g and -T are mutually exclusive flags.

       -h "scheme"
              If -h is specified, one of the following RFC 2307 schemes may be specified: {CRYPT}, {MD5}, {SMD5}, {SSHA}, and {SHA}. The default is {SSHA}.

              Note that scheme names may need to be protected, due to { and }, from expansion by the user's command interpreter.

              {SHA} and {SSHA} use the SHA-1 algorithm (FIPS 160-1), the latter with a seed.

              {MD5} and {SMD5} use the MD5 algorithm (RFC 1321), the latter with a seed.

              {CRYPT} uses the crypt(3).

              {CLEARTEXT} indicates that the new password should be added to userPassword as clear text. Unless {CLEARTEXT} is used, this flag is incompatible with option -g.

       -c crypt-salt-format
              Specify the format of the salt passed to crypt(3) when generating {CRYPT} passwords. This string needs to be in sprintf(3) format and may include one (and only one) %s conversion. This conversion will be substituted with a string of random characters from [A-Za-z0-9./]. For example, '%.2s' provides a two character salt and '$1$%.8s' tells some versions of crypt(3) to use an MD5 algorithm and provides 8 random characters of salt. The default is '%s', which provides 31 characters of salt.

       -n     Omit the trailing newline; useful to pipe the credentials into a command.

LIMITATIONS
       The practice of storing hashed passwords in userPassword violates Standard Track (RFC 4519) schema specifications and may hinder interoperability. A new attribute type, authPassword, to hold hashed passwords has been defined (RFC 3112), but is not yet implemented in slapd(8).

       It should also be noted that the behavior of crypt(3) is platform specific.

SECURITY CONSIDERATIONS
       Use of hashed passwords does not protect passwords during protocol transfer. TLS or other eavesdropping protections should be in-place before using LDAP simple bind.

       The hashed password values should be protected as if they were clear text passwords.

SEE ALSO
       ldappasswd(1), ldapmodify(1), slapd(8), slapd.conf(5), slapd-config(5), RFC 2307, RFC 4519, RFC 3112

       "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)

ACKNOWLEDGEMENTS
       OpenLDAP Software is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>. OpenLDAP Software is derived from University of Michigan LDAP 3.3 Release.

OpenLDAP                            2012/04/23                      SLAPPASSWD(8)
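
The {SHA} and {SSHA} values described under -h, built and checked in Python as an added example (not part of the original post and not OpenLDAP's own code): it shows that the unsalted scheme asked about in the thread title gives identical stored values for identical passwords, which a directory audit can detect. The 4-byte salt, the function names and the sample users are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import os

# scheme -> (hashlib algorithm, salted); {CRYPT} is omitted (platform crypt(3)).
SCHEMES = {"{SHA}": ("sha1", False), "{SSHA}": ("sha1", True),
           "{MD5}": ("md5", False), "{SMD5}": ("md5", True)}


def make_hash(secret, scheme="{SSHA}", salt=None):
    """Return scheme + base64(digest(secret + salt) + salt)."""
    algo, salted = SCHEMES[scheme]
    salt = (os.urandom(4) if salt is None else salt) if salted else b""
    digest = hashlib.new(algo, secret + salt).digest()
    return scheme + base64.b64encode(digest + salt).decode("ascii")


def split_value(value):
    """Parse a stored userPassword value into (scheme, digest, salt)."""
    end = value.index("}") + 1
    scheme = value[:end].upper()
    algo, salted = SCHEMES[scheme]
    raw = base64.b64decode(value[end:], validate=True)
    size = hashlib.new(algo).digest_size
    if len(raw) < size or (not salted and len(raw) != size):
        raise ValueError("payload length does not match " + scheme)
    return scheme, raw[:size], raw[size:]


def verify(secret, value):
    """Recompute the digest with the stored salt; compare in constant time."""
    scheme, digest, salt = split_value(value)
    candidate = hashlib.new(SCHEMES[scheme][0], secret + salt).digest()
    return hmac.compare_digest(candidate, digest)


def shared_unsalted(entries):
    """Map each unsalted digest reused by 2+ users to those users."""
    groups = {}
    for user, value in entries.items():
        scheme, digest, salt = split_value(value)
        if not salt:
            groups.setdefault(scheme + digest.hex(), []).append(user)
    return {k: sorted(u) for k, u in groups.items() if len(u) > 1}

# Constructed sample: alice and bob share a password, carol's value is salted.
SAMPLE = {u: make_hash(b"secret", s) for u, s in
          (("alice", "{SHA}"), ("bob", "{SHA}"), ("carol", "{SSHA}"))}
```

Running shared_unsalted(SAMPLE) groups alice and bob under one digest, while carol's salted value cannot be matched to theirs without knowing the password.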