Hi all, I'm trying to get working SSHA password generation in JavaScript. I've found interesting topic which I want to ask about.
Is there any presumption about salt length? I've tried salt "saltedsalt" and password "abcd". It produced string {SSHA}/OwjNeakcceT6szrxGOMHUb53XJzYWx0ZWRzYWx0 which when inserted into userPassword attribute crashed slapd daemon when the user tried to log on. With random salt of length 13 everything works fine. Maybe there is some mistake related to base64 padding, but even with one or two trailing = this hash crashed the slapd daemon.
FDS is 1.0.2
Radek
Radek Hladik wrote:
Hi all, I'm trying to get working SSHA password generation in JavaScript. I've found interesting topic which I want to ask about.
You don't need to generate password hashes externally, the server will do it for you.
Enable SSHA password hashing in the server, and modify the userPassword attribute with a plaintext value via SSL for transport security. The server will hash the userPassword value for you. Or you could use the password modify extended operation...
-- mike
Mike Jackson napsal(a):
Radek Hladik wrote:
Hi all, I'm trying to get working SSHA password generation in JavaScript. I've found interesting topic which I want to ask about.
You don't need to generate password hashes externally, the server will do it for you.
Enable SSHA password hashing in the server, and modify the userPassword attribute with a plaintext value via SSL for transport security. The server will hash the userPassword value for you. Or you could use the password modify extended operation...
Thanks, I didn't know about this possibility. But I would like to also provide the user with option to verify the hash. And password not leaving the client computer is good bonus too. However the code is working now, only some salt lengths cause troubles. And it is also not good that slapd crashes with the incorrect hash (yes, I've filed that as bug 205907 :-) ).
Radek
389-users@lists.fedoraproject.org