change password for user

Michael Ströder michael at stroeder.com
Mon Mar 9 01:08:45 CET 2009


Jan-Frode Myklebust wrote:
> I have a script that tries to sync a user database with
> plaintext username/password in MySQL, to a CentOS Directory
> Server. Currently I've been pushing the passwords into the
> directory by first creating the SSHA1 hash in Python and
> storing '{SSHA}' + encode-string in the password field.
> 
> But, it occurred to me that I'm not fully sure what I'm doing 
> when creating the SSHA1 hash,

If the password is usable afterwards there's nothing wrong with
client-side password hashing. The salt should be at least 4 bytes long.

> so it would be nice to have
> the directory server do the hashing instead. I've found the
> method:
> 
> 	passwd_s(user, oldpw, newpw, [serverctrls=None, [clientctrls=None]])
> 
> but is there any way to use that when I don't know the plaintext
> 'oldpw' ?

Simply use None for oldpw.

Ciao, Michael.


