search for: ssha

Dear friends, We have samba-3.0.21c-1 under RH9 + openldap 2.3.11 under FC4. When a windows user changes his password using Ctrl-Alt-Del the password is stored on ldap in SSHA format but we need to work with CRYPT because we have some apps that don't support SSHA. These are the lines related with authentication defined in smb.conf: encrypt passwords = yes ldap passwd sync = Yes passwd program = /usr/local/sbin/smbldap-passwd -u %u passwd chat = "...

Poking around in the code for dovecot-stable seems to indicate that support has been added for the {SSHA} password scheme. This is not reflected in dovecot-ldap.conf. Is the SSHA code actually functional? Thanks! -Ben

Hi there, I was wondering if someone could explain how dovecot/dovecotpw produces salt for use in ssha passwords, I'd like to replicate this in PHP so I can write my passwords from php in ssha instead of just sha1. Thanks in advance, Andrea Baitis

Is it possible to take a SSHA password from an ldif and create a proper sambaNTpassword from it? Here's the scenario: the ldap servers in our organization do not have the samba schema installed and the likelihood of that happening is slim. I still want to provide clients with as close to a single sign on solution as...

Hi, I have to bring samba4 as a DC in my setup which currently runs zimbra mail server, I need to migrate all the users with their passwords to samba4. I am able to extract the users and their ssha encrypted passwords, But am unable to set the passwords of these users as ssha. I really don't want to reset the passwords of all the users. Can anybody tell if/how i can set the passwords of users as pre-encrypted ssha passwords. Note:- i donn't have the magic number for encryption in zimb...

We are currently running a production mail server using version 0.990.99.11-2 (latest RPM from RHEL/CentOS). We would like to migrate more virtual domains off our courier imap server to dovecot but the courier imap user passswords are stored in LDAP and are SSHA hashed which is not supported by our current version of dovecot (CRYPT only). >From reading the mailing lists this feature is now available but I am hesitant to move a production server to a beta software release. Apart from waiting for a 1.0-final RPM, what is the simplest/best way for us to...

Hello, I've the following goal to reach : modify the attribute userPassword via a Java method in a Samba LDAP tree. I successfully changed the SSHA password in the LDAP. But I can't open a session with this new password. It seems, that sambaNTPassword et sambaLMPassword must be changed too ... but i don't know how to do it ... Any idea ? Regards -- Herv? H?noch Responsable informatique Institut Sainte Catherine 1750, chemin du L...

...eth providing SSO. During my studies of Asterisk, i see a lot of people talking about the incapacity of asterisk (more precisely because of SIP) to authenticate against a ldap that uses password encrypted for anything other than MD5. I like to know if exist any how to use Asterisk + Ldap (using SSHA and SHA passwords). It can be achieved in some how? PS: Sorry for my bad english. Best Regards, Paulo V. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20130310/ea4ae696/attachment.htm>

...ypt::SaltedHash; my $csh = Crypt::SaltedHash->new(algorithm => 'SHA-1'); $csh->add($passwd_string); my $salted = $csh->generate; also use Digest::SHA1; use MIME::Base64; $ctx = Digest::SHA1->new; $ctx->add($passwd_string); $ctx->add('salt'); my $salted = '{SSHA}' . encode_base64($ctx->digest . 'salt' ,''); But it doesnt work. Basically what im doing is authenticating against a mysql db. If i do a dovecotpw -s SSHA -p password and update the DB, then the mail client authenticates perfectly. If anyone can help, it would be most a...

...atabase. The user password are stored in form: {crypt}mypasswd. In dovecot-ldap.conf I have default_pass_scheme = CRYPT. All is working fine. The problem in the crypt scheme is that I can't have passwords more than 8 characters long. So I've tried to change the type of the ldap passwords in SSHA or SMD5, but in this way the users can't authenticate yourselfs. Dovecot doesn't understand SSHA or SMD5?

...to Samba 3.0.14 with ldap today. Smbldap-tools are the latest stable version from tarball. No errors during vampire and everyone came over and the groups and group memberships populated fine. We couldn't connect to the server as any user from client PC's. The smbldaptools were set to use SSHA encryption for password attribute but phpldapadmin showed the passwords as CRYPT with only 8 chars for all users. I suspect the passwords never came over. In my previous lab, the passwords migrated as SSHA encryption and worked fine. I used smbldap-passwd to reset the password for one of the users...

...alt><password>, the patched method was verified to return same value as dovecotpw) and the passwords are stored in the database separately as the salted hash and the salt. When I query the values out of the database, I'm using MySQL's concat function to return the password as {SSHA.hex}<sha1 hash><salt>. Dovecot is not able to verify any passwords right now. I've scoured the wiki and I think my setup is correct...config info is below. Any advice on where to look for debugging or setup of my passwords would be appreciated! Ben dovecot-sql.conf: defaul...

...e process I ran "doveadm pw" again to make certain I had not accidentally pasted the wrong value along with a username. (I'm re-submittting after setting up a subscription, so I don't have to wait for the moderator) , What happened next surprised me greatly: if I specify "-s ssha", the resulting hashed password changes each time I invoke "doveadm pw", but if I do not specify the hashing method, I get the same password each time (as I expect). What on earth is going on here? There must be something fundamental that I am missing. ==============================...

...w if a generated password hash correspond to a given clear password. This can be useful to check if a hash generated by another program can be verified by Dovecot without any errors. This patch adds the ability the verify a password hash using `doveadm pw` via the `-V` option. ??? $ doveadm pw -s SSHA.hex ??? Enter new password: ??? Retype new password: ??? {SSHA.HEX}58b910d947c60b35be3e12b0d9897c1f87dfa450e6d5a75c ??? $ doveadm pw -s SSHA.hex -V{SSHA.HEX}58b910d947c60b35be3e12b0d9897c1f87dfa450e6d5a75c ??? Enter new password: ??? Retype new password: ??? {SSHA.HEX}4fdf801f57870fb624bee60895c23...

...nds" so you don't have to bind as a user with read privileges to everyone's userPassword attribute? For security purposes I'd like to see this functionality. And my next concern would become a non-issue if the above was supported, but is there a way to set the dnpass equal to a SSHA password? When I try setting it like this: dnpass = {SSHA}VhxqnmwCLVQj7g3rQV+g9F3XnaJ6bRXR in dovecot-ldap.conf It still tries to do a simple bind and fails. I get this error: dovecot-auth: LDAP: ldap_simple_bind_s() failed \ (dn cn=authadmin,ou=people,dc=domain,dc=com): Invalid credentials...

Hi, I have dovecot-0.99.11-1.FC3.4 running on fedora core 3, and authenticating with openLDAP on a remote server. When i try to authenticate, i get the error "Unknown password scheme SSHA". I read that earlier on this mailing list, SSHA was not suported by dovecot. Is it supported now? what should i do to make my password authentication work? The users in the openLDAP database have userPassword {SHA} already used by other services, so i cannot change them. Any suggestions?...

i have CentOS 4.5 with OpenLDAP 2.2.13. OpenLDAP contains users with SSHA-ed and CRYPT-ed passwords. the one and ugly thing is that users with CRYPT-ed passwords cannot bind to this LDAP server. however users with SSHA passwords do can. is there any solution without recompiling anyhting? -- Be Secure, Stay Open - live w/ OpenBSD -------------- next part --------------...

...eir password with the 'passwd' command. My problem is that recently I've tested our users's password for weak entries (with john the ripper) and found that all the password changed with 'passwd' and thus pam_ldap where stored in the directory in cleartext form instead of SSHA. I have "password-hash {SSHA}" in slapd.conf and though that means that SSHA hashes was enforced for all stored password. Both servers are Centos 4.4 fully updated and everything came from standard repositories. Is there someone who manage to use pam_ldap and the use of the 'passwd...

...uot; encryption. In the "10-auth.conf" file, I tried: auth_mechanisms = plain argon2id Upon restarting dovecot, I received an error message when attempting to actually it: auth: FATAL: Unknown authentication mechanism "ARGON2ID" Output from doveadm pw -l doveadm pw -l SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT SSHA MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT CLEAR CLEARTEXT ARGON2I ARGON2ID SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5 I assume I am making a stupid mistake, b...

...ec 18 10:25:07 server deliver(user.yxz at somedom.de): User request from dovecot-auth timed out Dec 18 10:25:07 server postfix/pipe[22156]: 63861180062A7: to=<user.yxz at somedom.de>, relay=dovecot, delay=60, status=deferred (temporary failure) Dec 18 10:33:09 server dovecot: auth(default): ssha_verify(info at mydom.de): invalid SSHA base64 decode Dec 18 10:33:09 server dovecot: auth(default): cache(info at mydom.de,84.166.106.150): Password mismatch Dec 18 10:33:09 server dovecot: auth(default): cache(info at mydom.de,84.166.106.150): SSHA(1234) != '1234' Dec 18 10:33:11 server do...