[Freeipa-devel] Consistent password hashing and lookups

James purpleidea at gmail.com
Mon May 12 21:11:13 UTC 2014


On Mon, 2014-05-12 at 09:11 +0200, Martin Kosek wrote:
> 1) Get fbar1's b64 encoded password hash:
> 
> # ldapsearch -Y EXTERNAL -H ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket -b 'uid=fbar1,cn=users,cn=accounts,dc=example,dc=com' userPassword

This seems to work great. I used user 'admin'. I assume this is the same
admin user.

1) Is this command something that is stable for use in scripting, or is
there a more machine-readable recommended way?

2) How can I compute/compare that hash to my password string? The
password I selected is 'password'. :)

Thanks again!

Output is:

[root@ipa ~]# ldapsearch -Y EXTERNAL -H ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket -b 'uid=admin,cn=users,cn=accounts,dc=example,dc=com' userPassword
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <uid=admin,cn=users,cn=accounts,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: userPassword 
#

# admin, users, accounts, example.com
dn: uid=admin,cn=users,cn=accounts,dc=example,dc=com
userPassword:: e1NTSEF9cjc0OGc3ZThnY1FsWVpwVFNqWU8yMDAreTF2WEZNRjVUSXBQV3c9PQ=
 =

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@ipa ~]#
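
For question 2, an added example (not part of the original message and not FreeIPA's own code): the value after `userPassword::` is base64 of a `{SSHA}` string, whose payload is base64 of a SHA-1 digest followed by the salt, the digest being taken over password plus salt. The code also accepts `{SSHA256}` and `{SSHA512}`, which goes beyond the case shown above; the function names and the `make_ssha` helper are hypothetical.

```python
import base64
import hashlib
import hmac

# userPassword value from the ldapsearch output above ("::" marks base64),
# with the folded LDIF continuation line (" =") joined back on.
LDIF_VALUE = "e1NTSEF9cjc0OGc3ZThnY1FsWVpwVFNqWU8yMDAreTF2WEZNRjVUSXBQV3c9PQ=="

# Salted schemes handled here: hashlib name and digest size; the salt follows.
SCHEMES = {"SSHA": ("sha1", 20), "SSHA256": ("sha256", 32), "SSHA512": ("sha512", 64)}


def parse_user_password(ldif_b64):
    """Decode an LDIF base64 userPassword into (scheme, digest, salt)."""
    stored = base64.b64decode(ldif_b64).decode("ascii")
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("no {SCHEME} prefix")
    scheme, payload = stored[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    raw = base64.b64decode(payload)
    size = SCHEMES[scheme][1]
    if len(raw) <= size:
        raise ValueError("payload too short to hold digest and salt")
    return scheme, raw[:size], raw[size:]


def verify(ldif_b64, candidate):
    """Recompute hash(candidate + salt) and compare in constant time."""
    scheme, digest, salt = parse_user_password(ldif_b64)
    computed = hashlib.new(SCHEMES[scheme][0], candidate.encode("utf-8") + salt)
    return hmac.compare_digest(computed.digest(), digest)


def make_ssha(password, salt):
    """Build a constructed LDIF-style {SSHA} value, for testing verify()."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    stored = "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")
    return base64.b64encode(stored.encode("ascii")).decode("ascii")


if __name__ == "__main__":
    scheme, digest, salt = parse_user_password(LDIF_VALUE)
    print(scheme, "digest bytes:", len(digest), "salt bytes:", len(salt))
    print("matches 'password':", verify(LDIF_VALUE, "password"))
```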
