(S)SHA512/384/256 hash methods for LDAP userPassword
177 views
Skip to first unread message
caruso.d...@gmail.com
Apr 13, 2016, 11:19:51 AM4/13/16
to privacyidea
Hi,
I'm using PrivacyIDEA with OpenLDAP as user account storage.
I have noticed an issue:
When I try to log in with an account having userPassword field hashed with SHA256, SHA384, SHA512 or SSHA256, SSHA384, SSHA512 it fails with the message "Authentication failed. Wrong credentials".
Everything works with MD5, SSHA, SHA, SMD5 instead.
Does PrivacyIDEA support those methods?
Thank you!
Cornelius Kölbel
Apr 13, 2016, 12:04:25 PM4/13/16
to priva...@googlegroups.com
Hello Caruso.Daniele,
when authenticating against the LDAP store privacyIDEA performs a bind
against LDAP. At this point privacyIDEA uses the underlying ldap3 python
library, which is a real great LDAP client implementation.
To see, at which point the problem arises, please turn on debug level
and provide the __complete__ privacyidea.log when trying to
authenticate.
THanks a lot
Cornelius
Am Mittwoch, den 13.04.2016, 08:19 -0700 schrieb
caruso.d...@gmail.com:
> --
> Please read the blog post about getting help
> https://www.privacyidea.org/getting-help/.
>
> For professional services and consultancy regarding two factor
> authentication please visit
> https://netknights.it/en/leistungen/one-time-services/
>
> In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
> which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
> https://netknights.it/en/leistungen/service-level-agreements/
> ---
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> Visit this group at https://groups.google.com/group/privacyidea.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/50f01419-9948-4ed5-bda4-54237e8db02f%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
when authenticating against the LDAP store privacyIDEA performs a bind
against LDAP. At this point privacyIDEA uses the underlying ldap3 python
library, which is a real great LDAP client implementation.
To see, at which point the problem arises, please turn on debug level
and provide the __complete__ privacyidea.log when trying to
authenticate.
THanks a lot
Cornelius
Am Mittwoch, den 13.04.2016, 08:19 -0700 schrieb
caruso.d...@gmail.com:
> Please read the blog post about getting help
> https://www.privacyidea.org/getting-help/.
>
> For professional services and consultancy regarding two factor
> authentication please visit
> https://netknights.it/en/leistungen/one-time-services/
>
> In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
> which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
> https://netknights.it/en/leistungen/service-level-agreements/
> ---
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> Visit this group at https://groups.google.com/group/privacyidea.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/50f01419-9948-4ed5-bda4-54237e8db02f%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
caruso.d...@gmail.com
Apr 15, 2016, 2:44:45 AM4/15/16
to privacyidea
Hello Cornelius,
I think the problem is at a lower level... in OpenLDAP... so this is not a PrivacyIDEA problem.
Thank you so much for your answer.
Thank you so much for your answer.
Daniele
Reply all
Reply to author
Forward
0 new messages