[pkg-kolab] Passwords
Johannes Graumann
graumann at caltech.edu
Wed May 17 15:56:01 UTC 2006
On Wednesday 17 May 2006 08:30, Marvin Stark wrote:
> > 1) is the 'rootpw' entry in slapd.conf supposed to be cleartext or
> > hashed?
>
> cleartext.
Thanks.
> > 2) How are the the hashed passwords in the example ldif data generated?
>
> You mean the example ldap data?
> If yes, the password for the user nobody is not hashed. It's a strong
> generated cleartex password.
This is curious.
http://svn.debian.org/wsvn/pkg-kolab/trunk/kolabd/debian/README.Debian?op=file&rev=0&sc=0
(which isn't available right now) reads:
> An example for the "yourkolabldapdata" can be found here:
> /usr/share/doc/kolabd/examples/slapcat.example.com.gz
>
http://svn.debian.org/wsvn/pkg-kolab/trunk/kolabd/debian/slapcat.example.com?op=file&rev=0&sc=0
>
> The passwords for the manager and users are "credativ" and for
> the nobody user "kaat3fzKggQoSbURkaQCIDrWvL1MamtMXM309TBR"
yet
http://svn.debian.org/wsvn/pkg-kolab/trunk/kolabd/debian/slapcat.example.com?op=file&rev=0&sc=0
contains this tidbit as the 'manager' password:
> dn: cn=manager,cn=internal,dc=example,dc=com
> cn: manager
> sn: n/a
> uid: manager
> userPassword:: e1NTSEF9eng5WTB0RDVCc2pEeVI2MHI4Z2hRdTBOS3JUZC9jT0I=
and the following for the 'nobody', 'calendar', 'user A', 'user B' and 'user
C' users:
> dn: cn=nobody,cn=internal,dc=example,dc=com
> cn: nobody
> sn: n/a n/a
> uid: nobody
> userPassword:: e1NTSEF9OHAzcGxqaS9kQ1BSNEhhL2JKTkgrWW80MThodDdpZ2Y=
> dn: cn=calendar,cn=internal,dc=example,dc=com
> cn: calendar
> sn: n/a n/a
> uid: calendar at example.com
> userPassword:: e1NTSEF9dnFCMmlXRGpZQVY5T2JLbDRHWVRud1lqMXpFUFlGS3A=
> dn: cn=user A,dc=example,dc=com
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: kolabInetOrgPerson
> sn: A
> cn: user A
> givenName: user
> userPassword:: e3NoYX1SNWhabkErQ0hNZXRMSkZhMit6WTB3aG1MeDQ9
> dn: cn=user b,dc=example,dc=com
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: kolabInetOrgPerson
> sn: b
> cn: user b
> givenName: user
> userPassword:: e3NoYX1SNWhabkErQ0hNZXRMSkZhMit6WTB3aG1MeDQ9
> dn: cn=user c,dc=example,dc=com
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: kolabInetOrgPerson
> sn: c
> cn: user c
> givenName: user
> userPassword:: e3NoYX1SNWhabkErQ0hNZXRMSkZhMit6WTB3aG1MeDQ9
The very similar 'userPassword' string structures for 'manager', 'nobody'
and 'calendar' along with the statements what the passwords were supposed to
be led me to believe that some hashing was going on. If that in fact is not
true, I hereby request
http://svn.debian.org/wsvn/pkg-kolab/trunk/kolabd/debian/README.Debian?op=file&rev=0&sc=0
to be patched IMMEDIATELY since I spent countless hours making Kolab work
with the passwords provided there.
Please re-verify that the passwords in
http://svn.debian.org/wsvn/pkg-kolab/trunk/kolabd/debian/slapcat.example.com?op=file&rev=0&sc=0
are supposed to be cleartext.
Joh
--
+----------------------------------------------------------------------+
| Johannes Graumann, Dipl. Biol. |
| |
| Graduate Student Tel.: ++1 (626) 395 6602 |
| Deshaies Lab Fax.: ++1 (626) 395 5739 |
| Department of Biology |
| CALTECH, M/C 156-29 |
| 1200 E. California Blvd. |
| Pasadena, CA 91125 |
| USA |
+----------------------------------------------------------------------+
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-kolab-devel/attachments/20060517/18b80011/attachment.pgp
More information about the pkg-kolab-devel
mailing list