[Fedora-directory-users] FDS equivalent of OpenLDAP's password-crypt-salt-format?
Steve Rigler
srigler at marathonoil.com
Wed Jun 27 14:30:48 UTC 2007
On Tue, 2007-06-26 at 12:36 -0700, Alan Hagge wrote:
> Does anyone know if FDS has the equivalent of OpenLDAP's
> password-crypt-salt-format option? It's used to specify the format of
> the salt used in crypt encryption. Specifically, I need a way to have
> md5crypt passwords generated by an "ldap password modify" extended
> operation. I'm trying to support Irix, Linux and Windows (using samba)
> hosts, and unfortunately, Irix only supports crypt-format passwords, but
> WILL use the md5 salted variant, which (as I understand it) is much more
> secure than the standard DES version.
>
> It looks like Sun's enterprise directory server supports this through an
> optional parameter passed to its crypt password storage scheme plugin
> (see http://docs.sun.com/app/docs/doc/820-0376/6nc4cgnh4?a=view , topic
> 6557410), but in looking over the FDS source for this plugin, I don't
> see where this has been implemented.
>
> Thanks for any hints, tips, etc.
Alan,
What version of Irix are you running? AFAIK, 6.5.22 and later has PAM,
so you can bind to the directory without exposing userPassword. There
is also an openldap module for NSD (I believe it's available in 6.5.26
an later) that introduces some better filtering for NSD.
-Steve
More information about the Fedora-directory-users
mailing list