Find the answer to your Linux question:
Results 1 to 2 of 2
Hello, I am currently working on a project and have hit a brick wall. I will try to keep this short... basically we have Coldfusion app that will be query'ing ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Oct 2009
    Posts
    1

    Need help duplicating password


    Hello,

    I am currently working on a project and have hit a brick wall.

    I will try to keep this short... basically we have Coldfusion app that will be query'ing our LDAP server for a login page authentication. Since we can't decrypt the passwords stored we are going to encrypt the user-provided password and match the encrypted form to validate.

    However, I can't seem to figure out how the system is encrypting things.

    I found on an OpenLDAP mailing list that OpenLDAP just uses the system encryption.

    The system is CentOS 4.7.

    This is the output of /etc/sysconfig/authconfig:

    USEMD5=yes
    USECRACKLIB=yes
    USEDB=no
    USEHESIOD=no
    USELDAP=yes
    USENIS=no
    USEPASSWDQC=no
    USEWINBIND=no
    USEKERBEROS=no
    USELDAPAUTH=yes
    USESHADOW=yes
    USESMBAUTH=no
    USEWINBINDAUTH=no
    USELOCAUTHORIZE=yes
    USEPAMACCESS=no
    PASSWDALGORITHM=md5

    While it says MD5, from what I can see it isn't just a normal md5 string (maybe has a salt added to it? If so, how do you get the salt?)

    Maybe I'm completely on the wrong track, can anyone help?

    The strings all start with "$1$" if that helps any.

    Thank you so much!

  2. #2
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    the $1$ indicated indeed a salt
    New Users, please read this..
    Google first, then ask..

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •