Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 22 Apr 2008 10:39:45 -0400
From: Bill Gurley <gurley@....chem.utk.edu>
To: john-users@...ts.openwall.com
Subject: help with openldap ssha

Greetings:

I've searched the john-users archives on this, and I'm still having 
trouble...

I have a server where authentication is done via openldap.  I want to 
check for weak passwords, so I've been trying to get set up to use john 
to do this.

Openldap uses ssha hashes that are base64-encrypted.  I've managed to 
get around all of that using ldapsearch and some clumsy bash scripting, 
to end up with a file listing of lines like this:

username:{SSHA}K7q2LHSUwhjkpJHkOZQuDoaYNIkdKjBv

That is, each line has a username, followed by a colon, followed by the 
SSHA hash of the password.

I have tried running john on this file, using commands like this:

john --format=ssha test.txt

john --format=nsldap test.txt


I am using john-1.7.2, with this patch:

john-1.7.2-all-12.diff

The patch seems to add support for ssha, although it is for "Netscape 
LDAP SSHA".

So far, I have not been able to get any response other than:

No password hashes loaded


Can someone tell me what I'm doing wrong?  Is my password file format wrong?


Thanks,


-Bill-

---------------------------------
  Bill Gurley, Technical Director
  Department of Chemistry
  Univ. of Tennessee, Knoxville
  865-974-3145


-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.