[Fedora-directory-users] Exporting MD5 Hash from FD-DS into /etc/shadow

DeMarco, Dennis DDeMarco at seisint.com
Wed Apr 19 20:12:15 UTC 2006


I had some time to play with this. I do not believe it can be done
easily unless another password storage mechanism is made as a plug-in. 

The GNU-MD5 password format for /etc/shadow I believe is:

$1$, followed by an 8 character salt, $, 22 character hash.

Seems like something that could be very useful though. I have some
servers which are considered super 'production' and are not in LDAP, but
I would like to export users from LDAP to make /etc/passwd/shadows.



- Dennis




-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Howard
Chu
Sent: Wednesday, April 19, 2006 4:05 PM
To: fedora-directory-users at redhat.com
Subject: Re: [Fedora-directory-users] Exporting MD5 Hash from FD-DS
into /etc/shadow

fedora-directory-users-request at redhat.com wrote:
> Date: Tue, 18 Apr 2006 20:14:31 +0300
> From: Mike Jackson <mj at sci.fi>
>
> dennis at demarco.com wrote:
>   
>> I would like to export the MD5 hash from the Fedora directory user's 
>> password attribute into /etc/shadow of a Linux machine not in LDAP 
>> (Redhat).
>>
>> It appears this isn't working, is there a way for me to do this? Not all
>> machines are using ldap but I would like to export from ldap.
>>     
>
>
> Hi,
>   I haven't tried this, but here's an idea just off the top of my head
> which _might_ work:
>
>
> 1. take away the {MD5} from the string
>
> 2. base64 decode the rest of the string
>
> 3. convert the string to hex
>
> 4. put the $1$ at the front of the hex string
>
> 5. put the whole string into the password field in /etc/shadow and test
>
>
> If that works, you could write a perl script to automate the procedure.
> And report back to the list as well :-)
>
>   
No, the password field is not in hex, it uses the same 6-bit encoding 
that DES crypt() uses, which is different from base64. base64 uses the 
characters [A-Z][a-z][0-9]+/ while crypt uses the characters 
./[0-9][A-Z][a-z] (in those exact orders).

--
  -- Howard Chu
 Chief Architect, Symas Corp.   http://www.symas.com
 Director, Highland Sun   http://highlandsun.com/hyc
 OpenLDAP Core Team  http://www.openldap.org/project/
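
The two formats discussed in this thread, side by side, as an added example (not code from the thread or from Fedora Directory Server): it builds a directory-style {MD5} value, applies the hex conversion idea quoted above, and computes a real $1$ field for the same password to show why neither hex nor a change of alphabet turns one into the other. It assumes {MD5} is the base64 of a single unsalted MD5 digest and that $1$ is md5-crypt; the function names, sample password and salt are constructed for illustration.

```python
import base64, hashlib, re

# crypt(3) 6-bit alphabet, in the order given in the thread (not base64 order)
CRYPT64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Shadow layout from the thread: $1$, salt, $, 22-char hash (md5-crypt also accepts shorter salts)
SHADOW_MD5 = re.compile(r"^\$1\$([./0-9A-Za-z]{1,8})\$([./0-9A-Za-z]{22})$")

def to64(value, count):  # `count` characters, least significant 6 bits first
    return "".join(CRYPT64[(value >> 6 * k) & 0x3F] for k in range(count))

def encode_digest(d):
    """Pack a 16-byte digest into 22 characters using md5-crypt's byte order."""
    groups = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    return "".join(to64(d[a] << 16 | d[b] << 8 | d[c], 4) for a, b, c in groups) + to64(d[11], 2)

def md5_crypt(password, salt):
    """md5-crypt ($1$): salted, 1000 rounds of MD5. Takes bytes, returns the shadow field."""
    salt = salt[:8]
    alt = hashlib.md5(password + salt + password).digest()
    ctx = hashlib.md5(password + b"$1$" + salt)
    for left in range(len(password), 0, -16):
        ctx.update(alt[:min(16, left)])
    n = len(password)
    while n:
        ctx.update(b"\0" if n & 1 else password[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):
        r = hashlib.md5(password if i & 1 else final)
        if i % 3:
            r.update(salt)
        if i % 7:
            r.update(password)
        r.update(final if i & 1 else password)
        final = r.digest()
    return "$1$" + salt.decode() + "$" + encode_digest(final)

def ldap_md5(password):
    """Directory-style {MD5} value: base64 of one unsalted MD5 digest."""
    return "{MD5}" + base64.b64encode(hashlib.md5(password).digest()).decode()

def hex_conversion(ldap_value):
    """The five-step idea quoted above: strip {MD5}, base64-decode, hex, prefix $1$."""
    return "$1$" + base64.b64decode(ldap_value[len("{MD5}"):]).hex()

if __name__ == "__main__":
    ldap = ldap_md5(b"password")  # constructed sample value
    for s in (ldap, hex_conversion(ldap), md5_crypt(b"password", b"xxxxxxxx")):
        print(s, bool(SHADOW_MD5.match(s)))
```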
