Hello all,
I've a big problem and I dont know how to solve it :
I've imported users from an AD and this works fine.
The users password are crypted using the SHA1 encryption.
this users have to connect to the Clearos ldap system using MAC computers. So i configured the macs to connect to it.
When looking and the encrpyted password, it's look like {sha}PDQ071SHICd2yHkZCZF9NxczmLQ=
With a passord like that, I can connect to my web console and change my password
The problem is, when connecting with a mac, the password is unknown. Now, if I change the password and simply change the {sha} to {SHA} (capital letters) , I can connect with my users using the MAC computers. With that, I still can connect to the clearos Webconsole but I can't change my password... I always habe the error : wrong password !
I'm a little bit lost here : how can I do to make MAC or Clearos accept crypted password using {sha} or {SHA} ...
Any idea is very welcomed
I've a big problem and I dont know how to solve it :
I've imported users from an AD and this works fine.
The users password are crypted using the SHA1 encryption.
this users have to connect to the Clearos ldap system using MAC computers. So i configured the macs to connect to it.
When looking and the encrpyted password, it's look like {sha}PDQ071SHICd2yHkZCZF9NxczmLQ=
With a passord like that, I can connect to my web console and change my password
The problem is, when connecting with a mac, the password is unknown. Now, if I change the password and simply change the {sha} to {SHA} (capital letters) , I can connect with my users using the MAC computers. With that, I still can connect to the clearos Webconsole but I can't change my password... I always habe the error : wrong password !
I'm a little bit lost here : how can I do to make MAC or Clearos accept crypted password using {sha} or {SHA} ...
Any idea is very welcomed
Share this post:
Responses (3)
-
Accepted Answer
Hello Nick,
Yes, they're all the same except for the {sha}... which should be {SHA} for the controll the password.
I can create a password like that but it will be refused by the other systems .. since 2017 i believe
In fact, I've the choice to create a SHA encrpytion beginning with {SHA} or {sha}.
With {sha}, Clearos is going to recognize my password when connecting to the webconsole and then changing it (when it ask for the current password) but Mac computers are not going to accept it.
with {SHA}, I will be able to connect to mac computers and to log to the web console but I won't be able to change my password once logged into the clearos webconsole.
i discovered now that I can change my password on the MAC once connected. time, the used algorithm is SSHA. With that change, I can connect to the clearos web console but I can't change my password :
Finally the situation is :
Login to the web console : SHA, SSHA and sha are accepted
Changing password in the web console : only sha
Open a session on Mac computers : SHA or SSHA -
Accepted Answer
-
Accepted Answer
ok, maybe I foud another way ...
I really seems that they are several different modules in clearos to 'uncrypt' the received passwords. The module responsible for validating our password at login does not seem to be the same as the one that verifies our password when we want to change it.
the first one can 'decode' correctly a given password but not the second one which seems to be obsolete.
So, I found a project to install a self-service password web tool . It can connect to a OpenLDAP server to modifiy a requested change.
https://ltb-project.org/documentation/self-service-password
So I'm going to try this solution to get around the Clearos problem.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »