Hi,
we want to switch from old DES crypt to SHA512 on our Lenny and Squeeze
images. It works for local accounts, but I'm not sure if it also works
in LDAP.
If I change the password of an LDAP user, then I expect a longer
string:
local user:
foobar:$6$rounds=65536$7NJOqSFw$UDB6zSUxHiFwnTs/cZvUkv4LMWYs7tdtqH1CkC1ubkxnKa2A7q2EXiXcTjvVGoV3I17d2yuqZKCQQbF6QhFDc/:15264:0:99999:7:::
LDAP User: binary(20b):
{crypt}HCBEYA1is79bB
in /etc/pam_ldap.config and /etc/libnss_ldap.conf:
pam_password crypt
/etc/login.defs
ENCRYPT_METHOD SHA512
/etc/pam.d/common-passwd:
[...]
password sufficient pam_unix.so nullok use_authtok sha512 shadow rounds=65536 use_first_pass
[...]
Our LDAP server is openldap-2.4.23 on Solaris 10.
Any suggestions? Is the CRYPT in LDAP a hash over the SHA512?
cu denny
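Added example, not part of the original message: a Python check that classifies a stored password value by its format, so that after a password change you can tell whether the shadow field or the LDAP userPassword attribute holds a SHA-512 crypt hash or a traditional DES crypt hash. The function names are hypothetical; the first two sample values are the ones quoted in the post, the third is constructed.

```python
import re

# Modular-crypt identifiers understood by glibc crypt(3).
MCF_SCHEMES = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}
# Traditional DES crypt: 2 salt characters + 11 hash characters, no '$' prefix.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
DEFAULT_ROUNDS = 5000  # glibc default for $5$/$6$ when no rounds= field is present

# Sample values: the first two are quoted from the post, the third is constructed.
SHADOW_LINE = ("foobar:$6$rounds=65536$7NJOqSFw$UDB6zSUxHiFwnTs/cZvUkv4LMWYs7tdtqH1CkC1ubkx"
               "nKa2A7q2EXiXcTjvVGoV3I17d2yuqZKCQQbF6QhFDc/:15264:0:99999:7:::")
LDAP_VALUE = "{crypt}HCBEYA1is79bB"
CONSTRUCTED = "{crypt}$6$exampleSalt$" + "A" * 86


def shadow_hash(line):
    """Return the password field (second column) of an /etc/shadow line."""
    return line.split(":")[1]


def classify(stored):
    """Return (scheme, rounds) for a shadow hash or an LDAP userPassword value."""
    value = stored.strip()
    # LDAP userPassword values carry a scheme tag such as {crypt} or {SSHA}.
    tag = re.match(r"^\{([A-Za-z0-9-]+)\}(.*)$", value)
    if tag:
        if tag.group(1).lower() != "crypt":
            return (tag.group(1).lower(), None)  # hashed by the directory, not crypt(3)
        value = tag.group(2)
    if value.startswith("$"):
        parts = value.split("$")  # ['', id, optional 'rounds=N', salt, hash]
        scheme = MCF_SCHEMES.get(parts[1], "unknown-mcf")
        rounds = None
        if parts[1] in ("5", "6"):
            rounds = DEFAULT_ROUNDS
            if len(parts) > 2 and parts[2].startswith("rounds="):
                rounds = int(parts[2][len("rounds="):])
        return (scheme, rounds)
    if DES_RE.match(value):
        return ("des-crypt", None)
    return ("unknown", None)


if __name__ == "__main__":
    for sample in (shadow_hash(SHADOW_LINE), LDAP_VALUE, CONSTRUCTED):
        print(classify(sample), sample[:24])
```

A `{crypt}` tag only says the value was produced by crypt(3); the scheme is determined by what follows the tag, which is what the classifier inspects.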