Convert existing openLDAP password from SSHA to SHA-1
Lennart Sorensen
lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Fri Aug 19 18:44:58 UTC 2011
On Fri, Aug 19, 2011 at 11:33:34AM -0700, Ian Petersen wrote:
> You'd need the passwords in plain text to be able to do that. If you
> have, or can get, the plain text, you could then hash them with any
> tool that generates SHA-1s.
If you had the passwords in plain text then you are already doing
passwords very wrong.
Best thing to do is set a new hash to use for new passwords, and then
as people change them they will be converted to a new hash.
You could always force expiry for all passwords to force people to change
them, but that might be a bit annoying.
--
Len Sorensen
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list