|
|
Mixed SHA, MD5 and Crypt Password Authentication
I have a large number of Solaris2.8 system that I manage. Currently
all of our web based appications authenticate against LDAP. Now since
I don't have control over the LDAP servers to make significant schema
changes we are using NIS to authenticate our developers and
administrators.
Now for the problem, I have written a set of Perl modules and scripts
to extract the information and user base I need from the LDAP server
to create my NIS map files. The only problem I have is that Solaris
is not able to decrypt password strings other than CRYPT encrypted
strings, and the strings I'm receiving from the LDAP server include
{SHA}, {MD5} and {CRYPT} in front of the hash. Ok I can strip of the
designator, but that doesn't solve the authentication piece.
Does anyone know of a PAM module or another mechanism that will allow
me to have mixed mode passwords in NIS?
If nothing has been created, does anyone know of a HOWTO which
describes the creation of a new PAM module?
Is there anything else linking NIS with LDAP?
Thanks,
Rick
|
|
0
|
|
|
|
Reply
|
 rhnorwoodjr
|
2/13/2004 9:27:52 PM |
|
In comp.unix.solaris Richard H. Norwood Jr. <rhnorwoodjr@netscape.net> wrote:
| Now for the problem, I have written a set of Perl modules and scripts
| to extract the information and user base I need from the LDAP server
| to create my NIS map files. The only problem I have is that Solaris
| is not able to decrypt password strings other than CRYPT encrypted
| strings, and the strings I'm receiving from the LDAP server include
| {SHA}, {MD5} and {CRYPT} in front of the hash. Ok I can strip of the
| designator, but that doesn't solve the authentication piece.
|
| Does anyone know of a PAM module or another mechanism that will allow
| me to have mixed mode passwords in NIS?
Sorry, I don't know a solution to what you really asking for but if your
LDAP admins use CRYPT (same as UNIX old style encyption used in Solaris 8)
you can setup a Solaris 9 box using it's latest YP server which can act as
LDAP to YP gateway.
| If nothing has been created, does anyone know of a HOWTO which
| describes the creation of a new PAM module?
PADL has written nice PAM modules which can be used to authenticate Solaris
users against a LDAP server. This might be a nice starting point.
Also looking at OpenSource stuff like FreeBSD and other offer a good intro
as well as Suns documentation.
| Is there anything else linking NIS with LDAP?
see above: the latest Solaris 9 update.
Thomas
-----------------------------------------------------------------
PGP fingerprint: B1 EE D2 39 2C 82 26 DA A5 4D E0 50 35 75 9E ED
|
|
|
0
|
|
|
|
Reply
|
Thomas
|
2/13/2004 9:54:10 PM
|
|
|
1 Replies
411 Views
(page loaded in 0.039 seconds)
|
|
|
|
|
|
|
|
|
Search |
Post Question |
Groups |
Stream |
About |
Register
3277 articles. 
4 followers. 