Daniel Shackelford
2006-Jan-20 14:13 UTC
[Fedora-directory-users] Grabbing unix crypt of password
Hello, We have scripts that are currently looking at our Win2003 and grabbing the user passwords via SFU. This is in a Unix crypt format, and it is then stuffed into the local passwd file and httpauth file on our HPUX server. We are attempting to move to FDS and it would be super nice if we could just change a few line of our current scripts to get the password crypts from there instead. Are my hopes too high? -- Daniel Shackelford Systems Administrator Technology Services Spring Arbor University 517 750-6648 "For even the Son of Man did not come to be served, but to serve, and to give His life a ransom for many" Mark 10:45
Richard Megginson
2006-Jan-20 14:48 UTC
Re: [Fedora-directory-users] Grabbing unix crypt of password
Daniel Shackelford wrote:> Hello, > > We have scripts that are currently looking at our Win2003 and grabbing > the user passwords via SFU. This is in a Unix crypt format, and it is > then stuffed into the local passwd file and httpauth file on our HPUX > server. We are attempting to move to FDS and it would be super nice > if we could just change a few line of our current scripts to get the > password crypts from there instead.So, grab the crypt''ed password from Win2003 and store that as the userPassword attribute in FDS? Sure, FDS supports crypt.> > Are my hopes too high? >
David Boreham
2006-Jan-20 15:21 UTC
Re: [Fedora-directory-users] Grabbing unix crypt of password
Daniel Shackelford wrote:> We have scripts that are currently looking at our Win2003 and grabbing > the user passwords via SFU. This is in a Unix crypt format, and it is > then stuffed into the local passwd file and httpauth file on our HPUX > server. We are attempting to move to FDS and it would be super nice > if we could just change a few line of our current scripts to get the > password crypts from there instead. > > Are my hopes too high?Perhaps not. This is essentially exactly what the ''passsync'' service for the FDS Windows Sync feature does (except it sends the plaintext password over the wire, SSL protected, and lets FDS do the crypting). You could modify your existing sctipt (add a call to ''ldapmodify''). You might take a look at the passsync source code for some inspiration on how to find the entry to modify in the DS, and so on.