[pkg-kolab] Bug#406265: More information needed
Mathieu Parent
math.parent at gmail.com
Mon Jun 16 18:29:05 UTC 2008
Package: kolab-webadmin
Followup-For: Bug #406265
Hi, thanks for the report.
I've checked the code and found nothing particular.
The password is created by using (see complete functions next):
$ldap_object['userPassword'] = ssha( $_POST['password_0'], gensalt());
This algorithm corresponds to what is described in
http://www.openldap.org/faq/index.cgi?_highlightWords=ssha&file=347
I've some questions :
- does this problem occurs everytime or some times ?
- can you reproduce it with the current pre-experimental packages (see
http://wiki.kolab.org/index.php/Debian_-_Administrators_-_Installation
for installation instructions)
- what do you mean by 'the terminal =' ? My understanding is that the
presence of = depends (quoting http://en.wikipedia.org/wiki/Base64:
After encoding padded data, if two octets were remaining to encode,
one
"=" character is appended to the output; if one octet was remaining,
two
"=" characters are appended. This signals the decoder that the zero
bits
added due to padding should be excluded from the reconstructed data.
This also guarantees that the encoded output length is a multiple of 4
bytes.)
Thanks
--functions
function ssha($string, $salt)
{
return "{SSHA}" . base64_encode(pack("H*", sha1($string . $salt)) .
$salt);
}
// return 4 random bytes
function gensalt()
{
$salt = '';
while (strlen($salt) < 4)
$salt = $salt . chr(mt_rand(0,255));
return $salt;
}
More information about the pkg-kolab-devel
mailing list