Date: Tue, 17 Oct 2000 01:11:14 +0000 (GMT) From: Terry Lambert <tlambert@primenet.com> To: billf@chimesnet.com (Bill Fumerola) Cc: shocking@houston.rr.com (Stephen Hocking), hackers@FreeBSD.ORG Subject: Re: Getting Linux NIS to work with FreeBSD NIS servers Message-ID: <200010170111.SAA05324@usr05.primenet.com> In-Reply-To: <20001015232612.S37870@jade.chc-chimes.com> from "Bill Fumerola" at Oct 15, 2000 11:26:12 PM
next in thread | previous in thread | raw e-mail | index | archive | help
> > The Linux box appears toknow about the users, it just cant get > > the passwords right - something tickles my mind about DES vs > > MD5, is this the case, and how do I convert my MD5 passwords > > if needed? > > Yes thats the case, no there is no "conversion" program. If there was > a conversion program it would mean there is a way to translate to plaintext > and that obviously isn't the case (modulo brute-force). You can also implmenet an update proxy, using an appropriate PAM mechanism, if you force it to go through PAM; I did a similar thing to provide a migration path for an email system from one provider to a new provider. The way it works is that you communicate your password to the proxy before the cryptographic has (of whatever flavor) is applied. If the credentials don't yet exist, in the new database, you apply the legacy hash, and check the value in the legacy database. If this matches, then you know the password is valid in the legacy database. You then apply the new cryptographic hash to the plaintext, resulting in a new password. You store the new value in your new database, and you're done. Cyrus has both IMAP4 and POP3 proxies that are easily adapted to this sort of scheme; for example, for migrating credentials from a UNIX-style password file into an OpenLDAP 2.0 (LDAPv3) directory... Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200010170111.SAA05324>