RE: saslauthd -a ldap ( possible BO / bug with long userpassword strings ? )


Subject: RE: saslauthd -a ldap ( possible BO / bug with long userpassword strings ? )
From: Igor Brezac (igor at ipass dot net)
Date: Wed Apr 16 2003 - 10:47:49 EDT


On Wed, 16 Apr 2003, Howard Chu wrote:

> > -----Original Message-----
> > From: owner-cyrus-sasl at lists dot andrew dot cmu dot edu
> > [mailto:owner-cyrus-sasl at lists dot andrew dot cmu dot edu]On Behalf Of Igor Brezac
>
> > > dn: uid=test,dc=testdomain,dc=com
> > > modify userpassword
> > > userpassword: {crypt}$1$cnd5NASV$hOHd2091l3Ui.pxHUA0dm0
> >
> > This is not crypt hash (unix crypt hash has 13 characters).
>
> Some newer versions of Unix (and Linux) crypt() use MD5 hashes as above
> instead of DES. The above string would be valid on such a platform.
>

Shouldn't those hashes be prefixed with {MD5} or
{SMD5}?

-- 
Igor







Hosted Email Solutions

Invaluement Anti-Spam DNSBLs



Powered By FreeBSD   Powered By FreeBSD