From: Pawel Wieleba
Date: Mon, 15 Nov 2004 10:42:55 +0100
To: freebsd-current@freebsd.org
Cc: Ivan Voras
Subject: Re: Passwd format?
Message-ID: <20041115094255.GA19206@volt.iem.pw.edu.pl>
In-Reply-To: <4196398D.2030000@fer.hr>

On Sat, Nov 13, 2004 at 05:42:53PM +0100, Ivan Voras wrote:
> The Handbook and crypt(3) say passwords in master.passwd are MD5 hashes
> if they start with $1$, for example:
>
> $1$DP.s8oCc$VJo0/026/S5ng6HlD1Sz8/
>
> the format is $1$salt$rest. I have several questions:
>
> How are the values encoded? This looks something like base64.
>
> Is it possible to actually verify the password against this format using
> only a bare implementation of the md5 algorithm?

No.

>
> Actually, the reason for these questions is that I'm considering using
> LDAP authentication on a machine with lots of users and I'm wondering if
> existing passwd information could be transported to LDAP. Any
> experiences/docs on this?

Yes, of course. I have migrated from /etc/master.passwd to LDAP.
I've used MigrationTools and changed them to support FreeBSD /etc/master.passwd file.
www.padl.com/download/MigrationTools.tgz

A patch to migrate_common.ph is available from my web:
www.iem.pw.edu.pl/~wielebap/ldap/migrationtools/migrate_common.ph.diff

I have created a new migrate_masterpasswd.pl (changed migrate_passwd.pl)
www.iem.pw.edu.pl/~wielebap/ldap/migrationtools/migrate_masterpasswd.pl

You can also use pam_ldap to migrate password hash from one to another hash format:
http://www.freebsd.org/cgi/query-pr.cgi?pr=71289
www.iem.pw.edu.pl/~wielebap/ldap/pam_ldap/pam_ldap_doc.pdf (section 1)

It may be helpful to see PRs:
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/73448
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/72867

Pawel Wieleba
P.Wieleba@iem.pw.edu.pl
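
The two format questions quoted above, worked through in Python as an added example (not part of the original message or of MigrationTools): the `rest` field is 22 characters in crypt(3)'s own 64-character alphabet rather than RFC 4648 base64, and it is the output of 1000 salted MD5 rounds, which is why a single bare MD5 call cannot verify it. The function names are this example's own; the algorithm is the MD5 crypt scheme used for `$1$` entries.

```python
import hashlib
import hmac

# crypt(3) alphabet: not RFC 4648 base64 (different order, low 6 bits first).
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
PAGE_HASH = "$1$DP.s8oCc$VJo0/026/S5ng6HlD1Sz8/"  # example quoted in the thread

def to64(value, count):
    """Emit `count` characters, 6 bits each, least significant group first."""
    chars = []
    for _ in range(count):
        chars.append(ITOA64[value & 0x3F])
        value >>= 6
    return "".join(chars)

def parse(entry):
    """Split '$1$salt$rest' into (salt, rest); reject other schemes."""
    parts = entry.split("$")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "1":
        raise ValueError("not an MD5-crypt ($1$) hash")
    return parts[2], parts[3]

def md5_crypt(password, salt):
    """Compute the $1$ hash of `password` (bytes) with `salt` (str, max 8 chars)."""
    s = salt[:8].encode()
    alt = hashlib.md5(password + s + password).digest()
    ctx = hashlib.md5(password + b"$1$" + s)
    for left in range(len(password), 0, -16):
        ctx.update(alt[:min(16, left)])
    n = len(password)
    while n:  # one byte per bit of the password length
        ctx.update(b"\x00" if n & 1 else password[:1])
        n >>= 1
    d = ctx.digest()
    for i in range(1000):  # the stretching loop a bare MD5 call lacks
        r = hashlib.md5(password if i & 1 else d)
        if i % 3:
            r.update(s)
        if i % 7:
            r.update(password)
        r.update(d if i & 1 else password)
        d = r.digest()
    order = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    rest = "".join(to64(d[a] << 16 | d[b] << 8 | d[c], 4) for a, b, c in order)
    return "$1$" + salt[:8] + "$" + rest + to64(d[11], 2)

def verify(password, entry):
    """Recompute with the stored salt and compare in constant time."""
    salt, _ = parse(entry)
    return hmac.compare_digest(md5_crypt(password, salt), entry)
```

`md5_crypt(b"password", "xxxxxxxx")` returns `$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.`, the same value `openssl passwd -1 -salt xxxxxxxx password` prints.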