Comments (4)
Comment #1 originally posted by jaqx0r on 2015-03-02T01:23:05.000Z:
What format are SSHA passwords in, i.e. how are they presented so we can identify them?
I am struggling to recall, but I think the reason is due to what format the PAM library can decrypt -- this output gets written to the shadow cache and then used by PAM to let you log in. If PAM supports SSHA, then this will be trivial to support.
from nsscache.
Comment #2 originally posted by jaqx0r on 2015-03-02T08:55:45.000Z:
http://www.openldap.org/faq/data/cache/347.html
"...{SHA} and {SSHA} are RFC 2307 passwords schemes which use the SHA1
secure hash algorithm. The {SSHA} is the seeded varient..."
{SSHA} is default scheme used by slappasswd and so my users all have
SSHA passwords stored in LDAP.
It looks like the PAM library can not decrypt SSHA. According to the
crypt(3) man page the supported encryption methods are:
1 | MD5
2a | Blowfish (not in mainline glibc; added in some
| Linux distributions)
5 | SHA-256 (since glibc 2.7)
6 | SHA-512 (since glibc 2.7)
Damn. So all users must reenter their passwords if I use nsscache for
the passwords too.
from nsscache.
Comment #3 originally posted by jaqx0r on 2015-03-03T01:25:10.000Z:
Primarily, nsscache is designed for synchronising the NSS databases, not PAM, so I recommend that you continue accessing yoru LDAP directory via PAM for authentication and use nsscache for the nameservice lookups as a complement to each other.
from nsscache.
Comment #4 originally posted by jaqx0r on 2015-03-03T07:55:27.000Z:
OK, thank you. I will use nsscache for nameservices and do pam auth with
libpam-ldap or libpam-ldapd.
from nsscache.
Related Issues (20)
- nsscache doesn't map all members of a group HOT 2
- reformat by removing error E713 for membership test HOT 7
- ShadowExpire == -1 HOT 1
- sshkey map fails to import HOT 4
- Not all LDAP servers provide LastModification Dates
- bsddb3 is deprecated HOT 3
- `uidattr` ignored when writing out groups
- mox3 archived & deprecated upstream, please update tests to not use it HOT 3
- Does not work offline. HOT 6
- Question: Merge groups with the same ids
- Add support for GCS source HOT 1
- Example AuthorizedKeysCommand returns keys for other users if the username is a substring HOT 2
- Please support nested groups HOT 11
- Tagging of versions HOT 3
- nsscache doesn't update group cache from ldap source HOT 7
- ConfigParser.NoSectionError: No section: 'suffix' with nsscache >= 0.36 HOT 2
- configure nsscache with samba4 active directory HOT 31
- is nsscache python3 compatible? HOT 25
- Get integration tests running in CI HOT 37
- Properly define byte vs string types in source and cache api boundaries
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nsscache.