hi,

we want to switch from old DES crypt to SHA512 on our Lenny and Squeeze images. It works for local accounts, but I'm not sure if it also works in LDAP. If I change the password of an LDAP user, then I am expecting a longer string:

local user:
foobar:$6$rounds=65536$7NJOqSFw$UDB6zSUxHiFwnTs/cZvUkv4LMWYs7tdtqH1CkC1ubkxnKa2A7q2EXiXcTjvVGoV3I17d2yuqZKCQQbF6QhFDc/:15264:0:99999:7:::

LDAP user:
binary(20b): {crypt}HCBEYA1is79bB

in /etc/pam_ldap.config and /etc/libnss_ldap.conf:
pam_password crypt

/etc/login.defs:
ENCRYPT_METHOD SHA512

/etc/pam.d/common-passwd:
[...]
password sufficient pam_unix.so nullok use_authtok sha512 shadow rounds=65536 use_first_pass
[...]

Our LDAP server is openldap-2.4.23 on Solaris 10.

Any suggestions? Is the CRYPT in LDAP a hash over the SHA512?

cu denny
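Added example, not part of the original post: a small Python classifier that reports which scheme a shadow field or an LDAP userPassword value uses, run over the two values quoted in the message. The function names and account names are assumptions made for this example; a 13-character value is traditional DES crypt(3) and the `$6$` prefix is SHA512-crypt.

```python
import re

MCF_IDS = {"1": "MD5-crypt", "5": "SHA256-crypt", "6": "SHA512-crypt"}
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # 2-char salt + 11-char hash
MCF_RE = re.compile(
    r"^\$(?P<id>[0-9a-z]+)\$(?:rounds=(?P<rounds>\d+)\$)?"
    r"(?P<salt>[./0-9A-Za-z]{0,16})\$(?P<hash>[./0-9A-Za-z]+)$")
SCHEME_RE = re.compile(r"^\{(\w+)\}(.*)$")  # LDAP userPassword scheme prefix


def classify(value):
    """Return (storage, algorithm, rounds) for a shadow field or userPassword."""
    storage = "shadow"
    m = SCHEME_RE.match(value)
    if m:
        scheme, value = m.group(1).lower(), m.group(2)
        if scheme != "crypt":  # e.g. {SSHA}: hashed by the directory, not crypt(3)
            return ("ldap", scheme.upper(), None)
        storage = "ldap-crypt"
    if DES_RE.match(value):
        return (storage, "DES-crypt", None)
    m = MCF_RE.match(value)
    if m:
        rounds = int(m.group("rounds")) if m.group("rounds") else None
        algo = MCF_IDS.get(m.group("id"), "unknown-$%s$" % m.group("id"))
        return (storage, algo, rounds)
    return (storage, "unrecognized", None)


def not_sha512(entries):
    """Names whose stored value is anything other than SHA512-crypt."""
    return sorted(n for n, v in entries.items() if classify(v)[1] != "SHA512-crypt")


# The two values quoted in the post; the account names are made up here.
SHADOW_HASH = ("$6$rounds=65536$7NJOqSFw$UDB6zSUxHiFwnTs/cZvUkv4LMWYs7tdtqH1CkC1"
               "ubkxnKa2A7q2EXiXcTjvVGoV3I17d2yuqZKCQQbF6QhFDc/")
SAMPLE = {
    "local-foobar": SHADOW_HASH,
    "ldap-user": "{crypt}HCBEYA1is79bB",  # 7-byte prefix + 13 chars = 20 bytes
}

if __name__ == "__main__":
    for name, value in SAMPLE.items():
        print(name, classify(value))
    print("still to migrate:", not_sha512(SAMPLE))
```

Run over an export of userPassword values, this lists the entries that still hold a non-SHA512 hash after a password change.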