Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 22 Apr 2008 10:39:45 -0400
From: Bill Gurley <>
Subject: help with openldap ssha


I've searched the john-users archives on this, and I'm still having 

I have a server where authentication is done via openldap.  I want to 
check for weak passwords, so I've been trying to get set up to use john 
to do this.

Openldap uses ssha hashes that are base64-encrypted.  I've managed to 
get around all of that using ldapsearch and some clumsy bash scripting, 
to end up with a file listing of lines like this:


That is, each line has a username, followed by a colon, followed by the 
SSHA hash of the password.

I have tried running john on this file, using commands like this:

john --format=ssha test.txt

john --format=nsldap test.txt

I am using john-1.7.2, with this patch:


The patch seems to add support for ssha, although it is for "Netscape 

So far, I have not been able to get any response other than:

No password hashes loaded

Can someone tell me what I'm doing wrong?  Is my password file format wrong?



  Bill Gurley, Technical Director
  Department of Chemistry
  Univ. of Tennessee, Knoxville

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.