* CentOS 5.8, LDAP server & client
* Multiple CentOS 5.8 and CentOS 6.3 LDAP clients
Symptom: Client authentication requests for some users succeed while other users fail.
Details:
- Any user with an MD5 password hash passes LDAP authentication
- Any user with a SHA512 password hash fails LDAP authentication
- /etc/login.defs on all systems contains ENCRYPT_METHOD SHA512
- Local users with SHA512 passwords on LDAP server can login without problems
- Local users with SHA512 passwords on LDAP clients can login without problems
- No errors in system logs on either clients or server related to this problem
LDAP authenticates users w/ MD5 passwords but not SHA512
- Posts: 2
- Joined: 2012/09/06 00:19:05
Re: LDAP authenticates users w/ MD5 passwords but not SHA512
More information:
* Setting the encryption method to MD5 on the LDAP server (using system-config-authentication) and resetting passwords does not ameliorate the problem, including after restarting the server and clients.
* New user added with MD5 password hash cannot authenticate on LDAP clients, either. Old users continue to work just fine.
* Old user password changed to SHA512 hash continues to work just fine, so it is only coincidental that old users have MD5 and new users have SHA512 hashes.