[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: password hash
> I have to replicate passwords from an Active Directory to an OpenLDAP Server
> (Heimdal with OpenLDAP backend). The synchronization program resides on the
> Windows server. It works well for the public information and for the samba
> and unix passwords. Now I have to implement the replication for the Heimdal
as far as I know, Active Directory (without Kerberos) has very strange
idea about storing passwords.
1) there's no visible attribute for reading password (probably, there are
attributes, but they are unaccessible due to ACLs)
2) You can change password via LDIF import with "unicodePwd" field. that
is "write only" field where You put clear text password. Search for that
word at microsoft.com, there are certain conditions to apply for changing
3) general utility for such operations is "ldifde", you can play with it.
they definetly use some propriate stuff to replicate users across AD
domain controllers. no LDAP replication will help. no idea yet about
kerberos + win32 stuff
4) you can use pwdump, pwdump2, pwdump3 for reading NT/LM hashes. even in
AD case. no idea how to store them back :-(
> How can I compute the Kerberos password hash values (for OpenLDAP) on the
> Windows server?
- password hash
- From: Jürgen Tabert bei Strato <JTabert@htgreenline.de>