OpenLDAP Quick Tips: Creating encrypted passwords

Wednesday, November 19. 2008

Hi All,

Here's my 6th tip in the "OpenLDAP Quick Tips" series:

"You want to encrypt the passwords that are stored in your directory server":

Previously we covered slaptest, so the next one we will cover in the slap* set of command lines tools is slappasswd

To create an encrypted password for a password "testing", we do:

CODE:

[root@suretec ~]# slappasswd New password: Re-enter new password: {SSHA}4Q/jfwS2oPJtQDq7bmHozKOWkgDJNLEb

The default is SSHA encryption, which is the recommended. You can also generate a random password with the -g option:

CODE:

[ghenry@suretec ~]$ /usr/local/sbin/slappasswd -g t5e7xEJE

Thanks,

Gavin.

If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.

P.S. For direct access to this section, you can click OpenLDAP Quick Tips.

Posted by Gavin Henry in Open Source, OpenLDAP, Suretec at 11:47 | Comments (3) | Trackbacks (2)

Defined tags for this entry: Directory Services

, Enterprise Backups

, Enterprise Directory

, IAM

, IDM

, Identity Management

, LDAP

, LDAP Replication

, LDAP Schema

, Linux

, Open Source

, OpenLDAP

, OpenLDAP Newsletter

, OpenLDAP Quick Tips

, Replication

, Suretec

, Symas

, X.500

, ldap

, openldap

Related entries by tags:

Trackbacks

Trackback specific URI for this entry

OpenLDAP Quick Tips: Switch to the dynamic config backend (cn=config)
Hi All, Here's my 12th tip in the "OpenLDAP Quick Tips" series: "You want to switch from slapd.conf to the configuration backend to slapd": The config backend is backward compatible with the older slapd.conf(5) file but provides

Weblog: The Suretec Blog
Tracked: Nov 27, 11:14

Weblog: The Suretec Blog
Tracked: Nov 27, 12:24

Comments

Display comments as (Linear | Threaded)

I discovered a picture password site at www.pixelock.com, it seems to solve the eternal secure vs remember-able password conundrum. I have used it for the past 6 months with great success. Anyone else have a comment on this sites offering?

Cheers
Steve

#1 steve on 2010-04-16 10:26 (Reply)

Hi Steve,

Looks good, but how would that integrate server side?

#1.1 Gavin Henry (Homepage) on 2010-04-16 10:38 (Reply)

Hi Gavin, once the password is generated or regenerated, it is simply copied and pasted into the the user site as required. I have also heard that Pixelock Lite is about to be launched, this is a completely anonymous Pixelock offering. I am not sure how it works yet, but I will keep an eye out for it.

#1.1.1 Anonymous on 2010-06-29 11:59 (Reply)

Add Comment

Name
Email
Homepage
In reply to
Comment	Enclosing asterisks marks text as bold (word), underscore are made via _word_. Standard emoticons like :-) and ;-) are converted to images. BBCode format allowed Pavatar/Gravatar/Favatar/MyBlogLog/Pavatar author images supported.
	Remember Information? Subscribe to this entry