Hi all,
I''m trying to get working SSHA password generation in JavaScript.
I''ve
found interesting topic which I want to ask about.
Is there any presumption about salt length? I''ve tried salt
"saltedsalt"
and password "abcd". It produced string
{SSHA}/OwjNeakcceT6szrxGOMHUb53XJzYWx0ZWRzYWx0 which when inserted into
userPassword attribute crashed slapd daemon when the user tried to log
on. With random salt of length 13 everything works fine. Maybe there is
some mistake related to base64 padding, but even with one or two
trailing = this hash crashed the slapd daemon.
FDS is 1.0.2
Radek
Mike Jackson
2006-Sep-09 17:34 UTC
Re: [Fedora-directory-users] SSHA Password hash function
Radek Hladik wrote:> Hi all, > I''m trying to get working SSHA password generation in JavaScript. I''ve > found interesting topic which I want to ask about.You don''t need to generate password hashes externally, the server will do it for you. Enable SSHA password hashing in the server, and modify the userPassword attribute with a plaintext value via SSL for transport security. The server will hash the userPassword value for you. Or you could use the password modify extended operation... -- mike
Radek Hladik
2006-Sep-10 13:02 UTC
Re: [Fedora-directory-users] SSHA Password hash function
Mike Jackson napsal(a):> Radek Hladik wrote: >> Hi all, >> I''m trying to get working SSHA password generation in JavaScript. I''ve >> found interesting topic which I want to ask about. > > > You don''t need to generate password hashes externally, the server will > do it for you. > > Enable SSHA password hashing in the server, and modify the userPassword > attribute with a plaintext value via SSL for transport security. The > server will hash the userPassword value for you. Or you could use the > password modify extended operation...Thanks, I didn''t know about this possibility. But I would like to also provide the user with option to verify the hash. And password not leaving the client computer is good bonus too. However the code is working now, only some salt lengths cause troubles. And it is also not good that slapd crashes with the incorrect hash (yes, I''ve filed that as bug 205907 :-) ). Radek