Mixed SHA, MD5 and Crypt Password Authentication
This is a discussion on Mixed SHA, MD5 and Crypt Password Authentication within the Sun Solaris Administration forums, part of the Solaris Operating System category; --> I have a large number of Solaris2.8 system that I manage. Currently all of our web based appications authenticate ...
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-12-2008, 06:20 AM
| ||||
| ||||
 Mixed SHA, MD5 and Crypt Password Authentication I have a large number of Solaris2.8 system that I manage. Currently all of our web based appications authenticate against LDAP. Now since I don't have control over the LDAP servers to make significant schema changes we are using NIS to authenticate our developers and administrators. Now for the problem, I have written a set of Perl modules and scripts to extract the information and user base I need from the LDAP server to create my NIS map files. The only problem I have is that Solaris is not able to decrypt password strings other than CRYPT encrypted strings, and the strings I'm receiving from the LDAP server include {SHA}, {MD5} and {CRYPT} in front of the hash. Ok I can strip of the designator, but that doesn't solve the authentication piece. Does anyone know of a PAM module or another mechanism that will allow me to have mixed mode passwords in NIS? If nothing has been created, does anyone know of a HOWTO which describes the creation of a new PAM module? Is there anything else linking NIS with LDAP? Thanks, Rick      |
|
01-12-2008, 06:20 AM
| ||||
| ||||
| Re: Mixed SHA, MD5 and Crypt Password Authentication In comp.unix.solaris Richard H. Norwood Jr. <rhnorwoodjr@netscape.net> wrote: | Now for the problem, I have written a set of Perl modules and scripts | to extract the information and user base I need from the LDAP server | to create my NIS map files. The only problem I have is that Solaris | is not able to decrypt password strings other than CRYPT encrypted | strings, and the strings I'm receiving from the LDAP server include | {SHA}, {MD5} and {CRYPT} in front of the hash. Ok I can strip of the | designator, but that doesn't solve the authentication piece. | | Does anyone know of a PAM module or another mechanism that will allow | me to have mixed mode passwords in NIS? Sorry, I don't know a solution to what you really asking for but if your LDAP admins use CRYPT (same as UNIX old style encyption used in Solaris 8) you can setup a Solaris 9 box using it's latest YP server which can act as LDAP to YP gateway. | If nothing has been created, does anyone know of a HOWTO which | describes the creation of a new PAM module? PADL has written nice PAM modules which can be used to authenticate Solaris users against a LDAP server. This might be a nice starting point. Also looking at OpenSource stuff like FreeBSD and other offer a good intro as well as Suns documentation. | Is there anything else linking NIS with LDAP? see above: the latest Solaris 9 update. Thomas ----------------------------------------------------------------- PGP fingerprint: B1 EE D2 39 2C 82 26 DA A5 4D E0 50 35 75 9E ED |
Linear Mode
