slappasswd
Language: en
Version: 40317 (fedora - 16/08/07)
Section: 8 (Administrator commands)
NAME
slappasswd - OpenLDAP password utility
SYNOPSIS
/usr/sbin/slappasswd [-v] [-u] [-s secret|-T file] [-h hash] [-c salt-format]
DESCRIPTION
Slappasswd is used to generate a userPassword value suitable for use with ldapmodify(1) or the slapd.conf(5) rootpw configuration directive.
OPTIONS
- -v
- enable verbose mode.
- -u
- Generate RFC 2307 userPassword values (the default). Future versions of this program may generate alternative syntaxes by default. This option is provided for forward compatibility.
- -s secret
- The secret to hash. If this and -T are absent, the user will be prompted for the secret to hash. -s and -T are mutually exclusive flags.
- -T file
- Hash the contents of the file. If this and -s are absent, the user will be prompted for the secret to hash. -s and -T are mutually exclusive flags.
- -h scheme
- If -h is specified, one of the following RFC 2307 schemes may be specified: {CRYPT}, {MD5}, {SMD5}, {SSHA}, and {SHA}. The default is {SSHA}.
Note that scheme names may need to be protected, due to { and }, from expansion by the user's command interpreter.
{SHA} and {SSHA} use the SHA-1 algorithm (FIPS 160-1), the latter with a seed.
{MD5} and {SMD5} use the MD5 algorithm (RFC 1321), the latter with a seed.
{CRYPT} uses crypt(3).
{CLEARTEXT} indicates that the new password should be added to userPassword as clear text.
- -c crypt-salt-format
- Specify the format of the salt passed to crypt(3) when generating {CRYPT} passwords. This string needs to be in sprintf(3) format and may include one (and only one) %s conversion. This conversion will be substituted with a string of random characters from [A-Za-z0-9./]. For example, '%.2s' provides a two character salt and '$1$%.8s' tells some versions of crypt(3) to use an MD5 algorithm and provides 8 random characters of salt. The default is '%s', which provides 31 characters of salt.
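The {SHA} and {SSHA} schemes listed under -h differ only in the seed. The following added example (not part of the original manual page or of the OpenLDAP source) builds and checks both value formats using the conventional layout base64(SHA1(secret + seed) + seed). The function names and the 4-byte seed length are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SHA1_LEN = 20  # SHA-1 digest size in bytes


def sha_hash(secret: bytes) -> str:
    """Unseeded {SHA}: base64(SHA1(secret)). Same secret, same value."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(secret).digest()).decode("ascii")


def ssha_hash(secret: bytes, salt: Optional[bytes] = None) -> str:
    """Seeded {SSHA}: base64(SHA1(secret + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # assumption: 4-byte seed; verify() accepts any length
    digest = hashlib.sha1(secret + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify(secret: bytes, stored: str) -> bool:
    """Check a secret against a stored {SHA} or {SSHA} value."""
    scheme, brace, encoded = stored.partition("}")
    scheme = (scheme + brace).upper()
    if scheme not in ("{SHA}", "{SSHA}"):
        raise ValueError("unsupported scheme: " + scheme)
    try:
        raw = base64.b64decode(encoded, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    # Reject truncated digests, a seed on {SHA}, or a missing seed on {SSHA}.
    if len(digest) != SHA1_LEN or bool(salt) != (scheme == "{SSHA}"):
        return False
    return hmac.compare_digest(hashlib.sha1(secret + salt).digest(), digest)


if __name__ == "__main__":
    pw = b"password"  # constructed sample secret
    print(sha_hash(pw))                  # identical on every run
    print(ssha_hash(pw), ssha_hash(pw))  # differ: a fresh seed each time
    print(verify(pw, ssha_hash(pw)))     # True
```

Because {SHA} carries no seed, two entries with the same password store the same value, while {SSHA} values differ per entry. In both cases checking a guess costs a single SHA-1 computation, which is why the stored values need the same protection as clear text passwords.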
LIMITATIONS
The practice of storing hashed passwords in userPassword violates Standard Track (RFC 2256) schema specifications and may hinder interoperability. A new attribute type, authPassword, to hold hashed passwords has been defined (RFC 3112), but is not yet implemented in slapd(8).
It should also be noted that the behavior of crypt(3) is platform specific.
SECURITY CONSIDERATIONS
Use of hashed passwords does not protect passwords during protocol transfer. TLS or other eavesdropping protections should be in place before using LDAP simple bind.
The hashed password values should be protected as if they were clear text passwords.
SEE ALSO
ldappasswd(1), ldapmodify(1), slapd(8), slapd.conf(5), RFC 2307, RFC 2256, RFC 3112
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
ACKNOWLEDGEMENTS
OpenLDAP is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). OpenLDAP is derived from University of Michigan LDAP 3.3 Release.