Re: [Fedora-directory-users] Exporting MD5 Hash from FD-DS into /etc/shadow

[Howard Chu <hyc symas com>]

fedora-directory-users-request redhat com wrote:
> Date: Tue, 18 Apr 2006 20:14:31 +0300
> From: Mike Jackson <mj sci fi>
>
> dennis demarco com wrote:
>   
> > I would like to export the MD5 hash from the Fedora directory user's 
> > password attribute into /etc/shadow of a Linux machine not in LDAP 
> > (Redhat).
> >
> > It appears this isn't working, is there a way for me to do this? Not all 
> > machines are using ldap but I would like to export from ldap.
> >     
>
>
> Hi,
>   I haven't tried this, but here's an idea just off the top of my head 
> which _might_ work:
>
>
> 1. take away the {MD5} from the string
>
> 2. base64 decode the rest of the string
>
> 3. convert the string to hex
>
> 4. put the $1$ at the front of the hex string
>
> 5. put the whole string into the password field in /etc/shadow and test
>
>
> If that works, you could write a perl script to automate the procedure. 
> And report back to the list as well :-)
>
>   
No, the password field is not in hex, it uses the same 6-bit encoding 
that DES crypt() uses, which is different from base64. base64 uses the 
characters [A-Z][a-z][0-9]+/ while crypt uses the characters 
./[0-9][A-Z][a-z] (in those exact orders).

--
 -- Howard Chu
Chief Architect, Symas Corp.   http://www.symas.com
Director, Highland Sun   http://highlandsun.com/hyc
OpenLDAP Core Team  http://www.openldap.org/project/