LDAP authenticates users w/ MD5 passwords but not SHA512

The_Real_ARob
Posts: 2
Joined: 2012/09/06 00:19:05

Post by The_Real_ARob » 2012/09/06 01:21:08

* CentOS 5.8, LDAP server & client
* Multiple CentOS 5.8 and CentOS 6.3 LDAP clients

Symptom: Client authentication requests for some users succeed while other users fail.

Details:
- Any user with an MD5 password hash passes LDAP authentication
- Any user with a SHA512 password hash fails LDAP authentication
- /etc/login.defs on all systems contains ENCRYPT_METHOD SHA512
- Local users with SHA512 passwords on the LDAP server can log in without problems
- Local users with SHA512 passwords on LDAP clients can log in without problems
- No errors in system logs on either clients or server related to this problem

Re: LDAP authenticates users w/ MD5 passwords but not SHA512

Post by The_Real_ARob » 2012/09/06 03:36:56

More information:

* Setting the encryption method to MD5 on the LDAP server (using system-config-authentication) and resetting passwords does not ameliorate the problem, including after restarting the server and clients.

* New user added with MD5 password hash cannot authenticate on LDAP clients, either. Old users continue to work just fine.

* Old user password changed to SHA512 hash continues to work just fine, so it is only coincidental that old users have MD5 and new users have SHA512 hashes.
