Hi,
I'm trying to figure out why:
plaintext password is: password
My ldif export of the database shows:
userPassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g
Now, working backwards: http://www.fileformat.info/tool/hash.htm?text=password
SHA-1 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
Base64 of 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 is:
NWJhYTYxZTRjOWI5M2YzZjA2ODIyNTBiNmNmODMzMWI3ZWU2OGZkOA== (Via
http://makcoder.sourceforge.net/demo/base64.php)
NWJhYTYxZTRjOWI5M2YzZjA2ODIyNTBiNmNmODMzMWI3ZWU2OGZkOA== is not
W6ph5Mm5Pz8GgiULbPgzG37mj9g=, so I'm left wondering what is wrong.
Should I be using something other than base64? If I decode
W6ph5Mm5Pz8GgiULbPgzG37mj9g=, it doesn't even look at all like a SHA-1
value. Password encryption is set on the server to SHA (not SSHA).
I've searched the Fedora Directory Server docs and can't find any
explanation on how userPassword works in this regard (As an aside,
anyone noticed that Google doesn't seem to like indexing the docs very
much?).
What am I doing wrong? Also, if I used SSHA, where would I find the
salt from, assuming it's even possible?
Thanks,
Mike
Plummer, Christina E.
2007-Dec-06 17:08 UTC
RE: [Fedora-directory-users] userPassword, base64 and hashing
The first page is giving hex-encoded output of the SHA1 digest, and then
the second page gave you a base64-encoded output of the hex. Directory
Server never bothers to convert it to hex.
A slightly wordy Perl one-liner illuminates this:
perl -e 'use MIME::Base64; use Digest::SHA1 qw(sha1 sha1_hex);
$string="password";
print "Base64:\n\t", encode_base64( sha1($string) );
print "Hex:\n\t", sha1_hex($string), "\n";
print "Base64 of Hex:\n\t", encode_base64( sha1_hex($string) ); '
Base64:
	W6ph5Mm5Pz8GgiULbPgzG37mj9g=
Hex:
	5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
Base64 of Hex:
	NWJhYTYxZTRjOWI5M2YzZjA2ODIyNTBiNmNmODMzMWI3ZWU2OGZkOA==
Hope that helps.
-----Original Message-----
From: fedora-directory-users-bounces@redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Mike C
Sent: Wednesday, December 05, 2007 8:43 PM
To: General discussion list for the Fedora Directory server project.
Subject: [Fedora-directory-users] userPassword, base64 and hashing
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
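Added example, not part of the original thread: a Python version of the check the reply above describes, decoding the {SHA} value from the LDIF export back to the raw digest and verifying a password against it. It goes beyond the reply by also handling {SSHA}, assuming the usual layout in which the salt bytes are appended after the 20-byte digest; the function names and the SSHA sample are constructed for illustration.

```python
import base64
import hashlib
import hmac

SHA1_LEN = 20  # a raw SHA-1 digest is always 20 bytes


def parse_user_password(value):
    """Split '{SCHEME}base64' into (scheme, digest, salt)."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("no {SCHEME} prefix; value is not a hashed password")
    scheme, b64 = value[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in ("SHA", "SSHA"):
        raise ValueError("unsupported scheme: " + scheme)
    # The export line quoted in the thread lacks its '=' padding; restore it.
    b64 += "=" * (-len(b64) % 4)
    # binascii.Error is a ValueError subclass, so bad base64 raises ValueError.
    raw = base64.b64decode(b64, validate=True)
    if len(raw) < SHA1_LEN or (scheme == "SHA" and len(raw) != SHA1_LEN):
        raise ValueError("decoded payload has the wrong length for " + scheme)
    # {SHA}: the 20 raw digest bytes. {SSHA}: digest followed by the salt.
    return scheme, raw[:SHA1_LEN], raw[SHA1_LEN:]


def verify(password, value):
    """True if password matches the stored {SHA}/{SSHA} value."""
    _, digest, salt = parse_user_password(value)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def base64_of_hex(digest):
    """The mistaken value from the question: base64 of the hex string."""
    return base64.b64encode(digest.hex().encode("ascii")).decode("ascii")


def make_ssha(password, salt):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


STORED = "{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g"  # value from the LDIF export
CONSTRUCTED_SSHA = make_ssha("password", b"\x01\x02\x03\x04")  # constructed

if __name__ == "__main__":
    print(parse_user_password(STORED)[1].hex(), verify("password", STORED))
```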
Steven Jones
2007-Dec-06 18:50 UTC
[Fedora-directory-users] integrating shibboleth with FDS
Hi,

Has anybody done this? And knows of some docs on line?

regards

Steven Jones
Senior Linux/Unix/San/Vmware System Administrator
APG -Technology Integration Team
Victoria University of Wellington
Phone: +64 4 463 6272
Mike C
2007-Dec-06 21:17 UTC
Re: [Fedora-directory-users] userPassword, base64 and hashing
Aha!, such a subtle difference, thank you so much!

Cheers,
Mike
Steven Jones
2007-Dec-06 22:44 UTC
[Fedora-directory-users] Looking for documentation to setup OSX to FDS.
regards

Steven Jones
Senior Linux/Unix/San/Vmware System Administrator
APG -Technology Integration Team
Victoria University of Wellington
Phone: +64 4 463 6272
Craig White
2007-Dec-07 05:17 UTC
Re: [Fedora-directory-users] Looking for documentation to setup OSX to FDS.
On Fri, 2007-12-07 at 11:44 +1300, Steven Jones wrote:
> regards
>
----
crystal ball cloudy...

to do what? authenticate?

Open up Directory Access on any Mac...it should be fairly obvious.

For NFS mounts, you'll have to get apple.schema from Apple and improvise

Craig
Steven Jones
2007-Dec-09 20:03 UTC
RE: [Fedora-directory-users] Looking for documentation to setupOSX to FDS.
Hi,

Authenticate, and pull down a home directory mount point to mount a CIFS/NAS file share for a mac user dependant on the user or an NFS mount point for others.

So I need to have MAC clients to FDS and use password sync and pull data (one way) from AD2003.

I have two classes of MAC user, the general populace who use Microsoft file services on a NAS box, so at the moment as far as I can determine I need to populate ntuserhomedir in FDS from AD2003....

Then the Mac/BSD fanatics uh...I mean users who would not be seen dead touching anything MS, so I need to populate homedirectory with a NFS mount to a RH Linux NFS server which is virtualised on VMware or (for now) an NFS mount point on a MAC OSX server.....

I don't want to have AD2003, and FDS/RDS and yet another LDAP server for the MACs....

regards

Steven Jones
Senior Linux/Unix/San/Vmware System Administrator
APG -Technology Integration Team
Victoria University of Wellington
Phone: +64 4 463 6272
John Call
2007-Dec-09 21:06 UTC
Re: [Fedora-directory-users] Looking for documentation to setupOSX to FDS.
Aloha Steve, and FDS list,

I hope this doesn't take away from Steve's thread. I also authenticate Mac OS X clients to FDS. I had a real bad time trying to figure out why the Mac clients would not authenticate while, at the same time, all other clients and applications could. Eventually my team discovered that an encryption library (cyrus-sasl???) was causing the problem. Oh, and by the way, we are using Red Hat Enterprise Linux 4.

The problem was solved when we removed the libraries from the system. In actuality we simply moved them from their default installation location to the /root directory. With the libraries not being found, our Mac clients could authenticate. Here is a listing of the files I've moved... (please see below)

Here is a real question. I've forgotten the exact reason why Mac clients could not authenticate with these files in their defined locations. Could somebody on the list please re-explain this to me so that I can document it properly in my KB/KMS?

Thanks,
John

/root/sasl2
/root/sasl2/libanonymous.so
/root/sasl2/libdigestmd5.so
/root/sasl2/libplain.so.2
/root/sasl2/libanonymous.la
/root/sasl2/liblogin.la
/root/sasl2/libsasldb.so
/root/sasl2/libdigestmd5.la
/root/sasl2/libdigestmd5.so.2
/root/sasl2/liblogin.so
/root/sasl2/libplain.so.2.0.19
/root/sasl2/libsasldb.so.2.0.19
/root/sasl2/libdigestmd5.so.2.0.19
/root/sasl2/liblogin.so.2.0.19
/root/sasl2/libsasldb.la
/root/sasl2/libplain.so
/root/sasl2/libcrammd5.so
/root/sasl2/libcrammd5.so.2
/root/sasl2/libplain.la
/root/sasl2/libcrammd5.so.2.0.19
/root/sasl2/libcrammd5.la
/root/sasl2/libsasldb.so.2
/root/sasl2/Sendmail.conf
/root/sasl2/libanonymous.so.2.0.19
/root/sasl2/liblogin.so.2
/root/sasl2/libanonymous.so.2
/root/sasl
/root/sasl/libanonymous.so
/root/sasl/libdigestmd5.so
/root/sasl/libplain.so.1.0.16
/root/sasl/libanonymous.so.1
/root/sasl/libanonymous.la
/root/sasl/liblogin.la
/root/sasl/libdigestmd5.la
/root/sasl/liblogin.so
/root/sasl/libanonymous.so.1.0.17
/root/sasl/libplain.so.1
/root/sasl/liblogin.so.0
/root/sasl/liblogin.so.0.0.7
/root/sasl/libplain.so
/root/sasl/libcrammd5.so
/root/sasl/libplain.la
/root/sasl/libdigestmd5.so.0
/root/sasl/libcrammd5.so.1.0.19
/root/sasl/libdigestmd5.so.0.0.20
/root/sasl/libcrammd5.la
/root/sasl/libcrammd5.so.1