Joel Heenan
2007-Dec-21 02:51 UTC
[Fedora-directory-users] Migrating RHEL users to Directory Server
Fedora Directory Users, I have a bunch of users currently using local RHEL 4 local unix user accounts for their usernames and passwords and I would like to migrate them to Directory Server. My question concerns the MD5 sum password. I tried adding a user joeltest with password joeltest and I got hash: JqBiQXU4$gnJeKmNzXy.kaXUaBIygs0 from RHEL but I got hash: WGvQgGYUH2UOX2ZA1IQeyQ=>From Directory Server when I set the same password.I''m guessing this is to do with further encodings placed on the password hash. Hoping someone has done this before and can point me in the right direction? Thanks Joel The information contained in this e-mail message and any accompanying files is or may be confidential. If you are not the intended recipient, any use, dissemination, reliance, forwarding, printing or copying of this e-mail or any attached files is unauthorised. This e-mail is subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. If you have received this e-mail in error please advise the sender immediately by return e-mail or telephone and delete all copies. Fairfax does not guarantee the accuracy or completeness of any information contained in this e-mail or attached files. Internet communications are not secure, therefore Fairfax does not accept legal responsibility for the contents of this message or attached files.
Jonathan Barber
2007-Dec-24 12:48 UTC
Re: [Fedora-directory-users] Migrating RHEL users to Directory Server
On Fri, Dec 21, 2007 at 01:51:30PM +1100, Joel Heenan wrote:> Fedora Directory Users, > > I have a bunch of users currently using local RHEL 4 local unix user > accounts for their usernames and passwords and I would like to migrate > them to Directory Server. My question concerns the MD5 sum password. > > I tried adding a user joeltest with password joeltest and I got hash: > > JqBiQXU4$gnJeKmNzXy.kaXUaBIygs0 > > from RHEL but I got hash: > > WGvQgGYUH2UOX2ZA1IQeyQ=This value is the base64 encoded value of the md5 digest of the password, and is the same as the md5 digest of "joeltest": $ echo -n "joeltest" | openssl dgst -md5 -binary | openssl base64 WGvQgGYUH2UOX2ZA1IQeyQ=$ Regards.> >From Directory Server when I set the same password. > > I''m guessing this is to do with further encodings placed on the password > hash. Hoping someone has done this before and can point me in the right > direction? > > Thanks > > Joel-- Jonathan Barber High Performance Computing Analyst Tel. +44 (0) 1382 386389
Joel Heenan
2007-Dec-31 03:25 UTC
RE: [Fedora-directory-users] Migrating RHEL users to Directory Server
Ok then so from my reading a bit more into how the Linux MD5 sum is calculated it seems that because it includes a salt and is otherwise mangled what I''m attempting to do is impossible and I''ll need to get users to set passwords manually. Is this correct? I was hoping that I could take the Linux PAM MD5 and plonk it inside Directory Server but this doesn''t seem possible. Unless there is some plugin designed for this that understands Linux MD5? Thanks Joel> -----Original Message----- > From: fedora-directory-users-bounces@redhat.com > [mailto:fedora-directory-users-bounces@redhat.com] On Behalf > Of Jonathan Barber > Sent: Monday, 24 December 2007 11:49 PM > To: General discussion list for the Fedora Directory server project. > Subject: Re: [Fedora-directory-users] Migrating RHEL users to > Directory Server > > On Fri, Dec 21, 2007 at 01:51:30PM +1100, Joel Heenan wrote: > > Fedora Directory Users, > > > > I have a bunch of users currently using local RHEL 4 local > unix user > > accounts for their usernames and passwords and I would like > to migrate > > them to Directory Server. My question concerns the MD5 sum password. > > > > I tried adding a user joeltest with password joeltest and I > got hash: > > > > JqBiQXU4$gnJeKmNzXy.kaXUaBIygs0 > > > > from RHEL but I got hash: > > > > WGvQgGYUH2UOX2ZA1IQeyQ=> > This value is the base64 encoded value of the md5 digest of > the password, and is the same as the md5 digest of "joeltest": > $ echo -n "joeltest" | openssl dgst -md5 -binary | openssl > base64 WGvQgGYUH2UOX2ZA1IQeyQ== $ > > Regards. > > > >From Directory Server when I set the same password. > > > > I''m guessing this is to do with further encodings placed on the > > password hash. Hoping someone has done this before and can > point me in > > the right direction? > > > > Thanks > > > > Joel > > -- > Jonathan Barber > High Performance Computing Analyst > Tel. +44 (0) 1382 386389 > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >The information contained in this e-mail message and any accompanying files is or may be confidential. If you are not the intended recipient, any use, dissemination, reliance, forwarding, printing or copying of this e-mail or any attached files is unauthorised. This e-mail is subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. If you have received this e-mail in error please advise the sender immediately by return e-mail or telephone and delete all copies. Fairfax does not guarantee the accuracy or completeness of any information contained in this e-mail or attached files. Internet communications are not secure, therefore Fairfax does not accept legal responsibility for the contents of this message or attached files.
Jonathan Barber
2008-Jan-03 11:23 UTC
Re: [Fedora-directory-users] Migrating RHEL users to Directory Server
On Mon, Dec 31, 2007 at 02:25:21PM +1100, Joel Heenan wrote:> Ok then so from my reading a bit more into how the Linux MD5 sum is > calculated it seems that because it includes a salt and is otherwise > mangled what I''m attempting to do is impossible and I''ll need to get > users to set passwords manually. Is this correct?Yes. If you want to postpone having to get your users to reset their passwords, you could try the pam-passthru plugin: http://cvs.fedoraproject.org/viewcvs/ldapserver/ldap/servers/plugins/pam_passthru/README?root=dirsec&rev=1.6&view=auto> I was hoping that I could take the Linux PAM MD5 and plonk it inside > Directory Server but this doesn''t seem possible. Unless there is some > plugin designed for this that understands Linux MD5?Not that I know of, but it shouldn''t be that difficult to write using the existing pwdstorage plugins as a starting point.> Thanks > > Joel > > > -----Original Message----- > > From: fedora-directory-users-bounces@redhat.com > > [mailto:fedora-directory-users-bounces@redhat.com] On Behalf > > Of Jonathan Barber > > Sent: Monday, 24 December 2007 11:49 PM > > To: General discussion list for the Fedora Directory server project. > > Subject: Re: [Fedora-directory-users] Migrating RHEL users to > > Directory Server > > > > On Fri, Dec 21, 2007 at 01:51:30PM +1100, Joel Heenan wrote: > > > Fedora Directory Users, > > > > > > I have a bunch of users currently using local RHEL 4 local > > unix user > > > accounts for their usernames and passwords and I would like > > to migrate > > > them to Directory Server. My question concerns the MD5 sum password. > > > > > > I tried adding a user joeltest with password joeltest and I > > got hash: > > > > > > JqBiQXU4$gnJeKmNzXy.kaXUaBIygs0 > > > > > > from RHEL but I got hash: > > > > > > WGvQgGYUH2UOX2ZA1IQeyQ=> > > > This value is the base64 encoded value of the md5 digest of > > the password, and is the same as the md5 digest of "joeltest": > > $ echo -n "joeltest" | openssl dgst -md5 -binary | openssl > > base64 WGvQgGYUH2UOX2ZA1IQeyQ== $ > > > > Regards. > > > > > >From Directory Server when I set the same password. > > > > > > I''m guessing this is to do with further encodings placed on the > > > password hash. Hoping someone has done this before and can > > point me in > > > the right direction? > > > > > > Thanks > > > > > > Joel > > > > -- > > Jonathan Barber > > High Performance Computing Analyst > > Tel. +44 (0) 1382 386389 > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users@redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > The information contained in this e-mail message and any accompanying files is or may be confidential. If you are not the intended recipient, any use, dissemination, reliance, forwarding, printing or copying of this e-mail or any attached files is unauthorised. This e-mail is subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. If you have received this e-mail in error please advise the sender immediately by return e-mail or telephone and delete all copies. Fairfax does not guarantee the accuracy or completeness of any information contained in this e-mail or attached files. Internet communications are not secure, therefore Fairfax does not accept legal responsibility for the contents of this message or attached files. > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users-- Jonathan Barber High Performance Computing Analyst Tel. +44 (0) 1382 386389
Rich Megginson
2008-Jan-03 19:35 UTC
Re: [Fedora-directory-users] Migrating RHEL users to Directory Server
Jonathan Barber wrote:> On Mon, Dec 31, 2007 at 02:25:21PM +1100, Joel Heenan wrote: > >> Ok then so from my reading a bit more into how the Linux MD5 sum is >> calculated it seems that because it includes a salt and is otherwise >> mangled what I''m attempting to do is impossible and I''ll need to get >> users to set passwords manually. Is this correct? >> > > Yes. > > If you want to postpone having to get your users to reset their > passwords, you could try the pam-passthru plugin: > http://cvs.fedoraproject.org/viewcvs/ldapserver/ldap/servers/plugins/pam_passthru/README?root=dirsec&rev=1.6&view=auto > > >> I was hoping that I could take the Linux PAM MD5 and plonk it inside >> Directory Server but this doesn''t seem possible. Unless there is some >> plugin designed for this that understands Linux MD5? >> > > Not that I know of, but it shouldn''t be that difficult to write using > the existing pwdstorage plugins as a starting point. >You might try the crypt format. On most linux platforms, system crypt uses MD5.> >> Thanks >> >> Joel >> >> >>> -----Original Message----- >>> From: fedora-directory-users-bounces@redhat.com >>> [mailto:fedora-directory-users-bounces@redhat.com] On Behalf >>> Of Jonathan Barber >>> Sent: Monday, 24 December 2007 11:49 PM >>> To: General discussion list for the Fedora Directory server project. >>> Subject: Re: [Fedora-directory-users] Migrating RHEL users to >>> Directory Server >>> >>> On Fri, Dec 21, 2007 at 01:51:30PM +1100, Joel Heenan wrote: >>> >>>> Fedora Directory Users, >>>> >>>> I have a bunch of users currently using local RHEL 4 local >>>> >>> unix user >>> >>>> accounts for their usernames and passwords and I would like >>>> >>> to migrate >>> >>>> them to Directory Server. My question concerns the MD5 sum password. >>>> >>>> I tried adding a user joeltest with password joeltest and I >>>> >>> got hash: >>> >>>> JqBiQXU4$gnJeKmNzXy.kaXUaBIygs0 >>>> >>>> from RHEL but I got hash: >>>> >>>> WGvQgGYUH2UOX2ZA1IQeyQ=>>>> >>> This value is the base64 encoded value of the md5 digest of >>> the password, and is the same as the md5 digest of "joeltest": >>> $ echo -n "joeltest" | openssl dgst -md5 -binary | openssl >>> base64 WGvQgGYUH2UOX2ZA1IQeyQ== $ >>> >>> Regards. >>> >>> >>>> >From Directory Server when I set the same password. >>>> >>>> I''m guessing this is to do with further encodings placed on the >>>> password hash. Hoping someone has done this before and can >>>> >>> point me in >>> >>>> the right direction? >>>> >>>> Thanks >>>> >>>> Joel >>>> >>> -- >>> Jonathan Barber >>> High Performance Computing Analyst >>> Tel. +44 (0) 1382 386389 >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users@redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >> The information contained in this e-mail message and any accompanying files is or may be confidential. If you are not the intended recipient, any use, dissemination, reliance, forwarding, printing or copying of this e-mail or any attached files is unauthorised. This e-mail is subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. If you have received this e-mail in error please advise the sender immediately by return e-mail or telephone and delete all copies. Fairfax does not guarantee the accuracy or completeness of any information contained in this e-mail or attached files. Internet communications are not secure, therefore Fairfax does not accept legal responsibility for the contents of this message or attached files. >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > >
Andrew C. Dingman
2008-Jan-07 08:26 UTC
Re: [Fedora-directory-users] Migrating RHEL users to Directory Server
On Thu, 2008-01-03 at 12:35 -0700, Rich Megginson wrote:> You might try the crypt format. On most linux platforms, system > crypt > uses MD5.This will work with hashes from /etc/shadow that start ''$1$''. It should also work with the old-style DES hashes that you shouldn''t be using anymore. For example, if you had a shadow line that read: username:$1$CxLcjTxD$IRuWOqGVHrXJkJsRdPYqq.:12345:0:99999:7::: Then the userpassword value would be ''{crypt}$1$CxLcjTxD $IRuWOqGVHrXJkJsRdPYqq.''