
  • SSHA salt in password-encoder

    Hi,
    I'm trying to authenticate users against an LDAP where the userPassword attributes are SSHA-encoded. I am not using bind authentication because permissions to do so do not exist on LDAP.

    This is the configuration...
    <ldap-authentication-provider
    user-dn-pattern="uid={0},ou=People,ou=UserStore" group-search-base="ou=AdminGroups,ou=UserStore"
    role-prefix="none">
    <password-compare hash="{ssha}" password-attribute="userPassword"/>
    </ldap-authentication-provider>

    However this fails to instantiate the beans unless a password encoder is provided...

    <password-encoder hash="{ssha}"><salt-source /></password-encoder>
    The problem is that Sun Directory Server uses an algorithm for SSHA that effectively randomizes the salt. Since I have no way of knowing the salt value, is there any way I can override this?

    Any help appreciated.

    Thx

  • #2
    If you're using SSHA then a compare operation won't work - as you say, it isn't possible to know the salt value unless you can read the hash. So you can't calculate a hash from the password that matches the one in the directory.
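
Added example, not part of the original posts and not Spring Security's own code: it shows why a client-side hash cannot match a stored SSHA value, and how verification works once the stored value can be read. It assumes the common {SSHA} layout base64(SHA1(password + salt) + salt); the function names, the sample password and the 8-byte salt length are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

SHA1_LEN = 20      # SHA-1 digest size in bytes; the salt is whatever follows it
PREFIX = "{SSHA}"


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build an {SSHA} value the way a directory server would on password change."""
    if salt is None:
        salt = os.urandom(8)  # assumed length; the server picks a fresh random salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(stored: str) -> Tuple[bytes, bytes]:
    """Return (digest, salt) recovered from a stored {SSHA} value."""
    if stored[:len(PREFIX)].upper() != PREFIX:
        raise ValueError("not an SSHA value")
    raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("SSHA value carries no salt")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def verify_ssha(password: str, stored: str) -> bool:
    """Works only when the stored value is readable: reuse its embedded salt."""
    digest, salt = split_ssha(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def blind_compare(password: str, stored: str) -> bool:
    """What a compare amounts to without the salt: hash with a salt of our own."""
    return hmac.compare_digest(make_ssha(password).encode(), stored.encode())


if __name__ == "__main__":
    stored = make_ssha("s3cret")                    # constructed sample value
    print("stored value   :", stored)
    print("blind compare  :", blind_compare("s3cret", stored))
    print("salt-aware test:", verify_ssha("s3cret", stored))
```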
