LDAP authenticates users w/ MD5 passwords but not SHA512

The_Real_ARob
Posts: 2
Joined: 2012/09/06 00:19:05

LDAP authenticates users w/ MD5 passwords but not SHA512

Post by The_Real_ARob » 2012/09/06 01:21:08

* CentOS 5.8, LDAP server & client
* Multiple CentOS 5.8 and CentOS 6.3 LDAP clients

Symptom: Client authentication requests for some users succeed while other users fail.

Details:
- Any user with an MD5 password hash passes LDAP authentication
- Any user with a SHA512 password hash fails LDAP authentication
- /etc/login.defs on all systems contains ENCRYPT_METHOD SHA512
- Local users with SHA512 passwords on LDAP server can login without problems
- Local users with SHA512 passwords on LDAP clients can login without problems
- No errors in system logs on either clients or server related to this problem

The_Real_ARob
Posts: 2
Joined: 2012/09/06 00:19:05

Re: LDAP authenticates users w/ MD5 passwords but not SHA512

Post by The_Real_ARob » 2012/09/06 03:36:56

More information:

* Setting the encryption method to MD5 on the LDAP server (using system-config-authentication) and resetting passwords does not ameliorate the problem, including after restarting the server and clients.

* New user added with MD5 password hash cannot authenticate on LDAP clients, either. Old users continue to work just fine.

* Old user password changed to SHA512 hash continues to work just fine, so it is only coincidental that old users have MD5 and new users have SHA512 hashes.
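
An added diagnostic for the situation described in these two posts (it is example code written for this page, not anything the poster or CentOS ships): before blaming the hash algorithm, dump the directory's userPassword values and check, per user, which storage scheme is actually in use and whether the candidate password verifies against it on the host you are testing from. The script parses a minimal LDIF dump, classifies each value ({SSHA}, {MD5}, {SHA}, {CRYPT} with the glibc "$1$"/"$5$"/"$6$" id, or cleartext), verifies the hashlib-checkable schemes, and uses the host's crypt(3) for {CRYPT} values when Python's optional crypt module is present (it is gone in Python 3.13; the script then reports None for those entries rather than guessing). The LDIF, the uid names and the password are constructed for the example; the {CRYPT} entry is the public SHA-512-crypt test vector from the sha-crypt specification (password "Hello world!", salt "saltstring"), so a host whose libcrypt supports "$6$" verifies it and one that does not will report False, which is the distinction that matters when MD5 users log in and SHA-512 users do not.

```python
import base64
import hashlib
import hmac
import os

try:
    import crypt  # crypt(3) binding, stdlib until Python 3.12
except Exception:  # ImportError on 3.13+ (or DeprecationWarning promoted to an error)
    crypt = None

# glibc crypt(3) algorithm ids as they appear in "$id$salt$hash" (assumed mapping).
CRYPT_IDS = {"1": "MD5-crypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt"}


def make_ssha(password, salt=None):
    """OpenLDAP {SSHA}: base64(sha1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def make_md5(password):
    """OpenLDAP {MD5}: base64(md5(password)), unsalted."""
    return "{MD5}" + base64.b64encode(hashlib.md5(password.encode()).digest()).decode()


def classify(value):
    """Return (scheme, algorithm) for one userPassword value."""
    if not value.startswith("{"):
        return ("CLEARTEXT", "none")
    scheme, _, rest = value[1:].partition("}")
    scheme = scheme.upper()
    if scheme != "CRYPT":
        return (scheme, scheme)
    if rest.startswith("$") and rest.count("$") >= 2:   # "$6$salt$hash" style
        crypt_id = rest.split("$")[1]
        return ("CRYPT", CRYPT_IDS.get(crypt_id, "unknown crypt id " + crypt_id))
    return ("CRYPT", "traditional DES-crypt")


def verify(password, value):
    """True/False for schemes checkable here, None if this host cannot check it."""
    scheme, _ = classify(value)
    pw = password.encode()
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(value.encode(), pw)
    body = value[len(scheme) + 2:]
    if scheme == "SSHA":                                  # 20-byte digest, then salt
        raw = base64.b64decode(body)
        return hmac.compare_digest(hashlib.sha1(pw + raw[20:]).digest(), raw[:20])
    if scheme in ("SHA", "MD5"):
        h = hashlib.sha1 if scheme == "SHA" else hashlib.md5
        return hmac.compare_digest(h(pw).digest(), base64.b64decode(body))
    if scheme == "CRYPT" and crypt is not None:
        try:
            return crypt.crypt(password, body) == body    # full hash doubles as the setting
        except OSError:                                   # libcrypt rejected the setting
            return False
    return None


def host_crypt_supports(crypt_id):
    """Does this host's crypt(3) implement "$<id>$"? None when crypt is unavailable."""
    if crypt is None:
        return None
    try:
        out = crypt.crypt("probe", "$%s$saltstring$" % crypt_id)
    except OSError:
        return False
    return out is not None and out.startswith("$%s$" % crypt_id)


def parse_ldif(text):
    """Return [(dn, userPassword)] from a minimal LDIF dump ("attr:: v" is base64;
    line folding is not handled, as slapcat output for these attributes is one line)."""
    entries, dn, pw = [], None, None
    for line in text.splitlines() + [""]:
        if line.startswith("#"):
            continue
        if line == "":
            if dn is not None:
                entries.append((dn, pw))
            dn = pw = None
            continue
        attr, _, val = line.partition(":")
        val = val.strip()
        if val.startswith(":"):
            val = base64.b64decode(val[1:].strip()).decode()
        if attr == "dn":
            dn = val
        elif attr.lower() == "userpassword":
            pw = val
    return entries


# Constructed sample data (hypothetical users); the {CRYPT} value is the sha-crypt spec's
# published SHA-512 test vector for "Hello world!" with salt "saltstring".
PASSWORD = "Correct-Horse-9"
SAMPLE_PASSWORDS = {
    "uid=alice,ou=People,dc=example,dc=com": PASSWORD,
    "uid=bob,ou=People,dc=example,dc=com": PASSWORD,
    "uid=carol,ou=People,dc=example,dc=com": "Hello world!",
}
SAMPLE_VALUES = [
    make_ssha(PASSWORD, salt=b"\x01\x02\x03\x04"),
    make_md5(PASSWORD),
    "{CRYPT}$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1",
]


def build_sample_ldif():
    lines = []
    for dn, value in zip(SAMPLE_PASSWORDS, SAMPLE_VALUES):
        lines += ["dn: " + dn, "objectClass: posixAccount",
                  "userPassword:: " + base64.b64encode(value.encode()).decode(), ""]
    return "\n".join(lines)


def audit(ldif_text, candidates):
    """[(dn, scheme, algorithm, verified)] for every entry with a userPassword."""
    return [(dn,) + classify(v) + (verify(candidates.get(dn, ""), v),)
            for dn, v in parse_ldif(ldif_text) if v is not None]


if __name__ == "__main__":
    for row in audit(build_sample_ldif(), SAMPLE_PASSWORDS):
        print("%-40s %-9s %-14s verified=%s" % row)
    print("host crypt(3) supports $6$:", host_crypt_supports("6"))
```

Against a real server, feed it `slapcat` output (or `ldapsearch -x -D cn=Manager,... -W userPassword`) and the failing user's password; if the entry classifies as SHA-512-crypt and host_crypt_supports("6") is True on the client, the hash type is not the cause, which is what the second post's observation about new MD5 users failing already suggests.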
