
slappasswd(8)




SLAPPASSWD(8C)        MAINTENANCE COMMANDS         SLAPPASSWD(8C)


NAME

     slappasswd - OpenLDAP password utility


SYNOPSIS

     SBINDIR/slappasswd [-v] [-u] [-s secret|-T file]  [-h  hash]
     [-c salt-format]


DESCRIPTION

     Slappasswd is used to generate a userPassword value suitable
     for use with ldapmodify(1) or the slapd.conf(5) rootpw
     configuration directive.


OPTIONS

     -v   Enable verbose mode.

     -u   Generate RFC 2307 userPassword  values  (the  default).
          Future  versions  of this program may generate alterna-
          tive syntaxes by default.  This option is provided  for
          forward compatibility.

     -s secret
          The secret to hash.  If this and  -T  are  absent,  the
          user  will  be prompted for the secret to hash.  -s and
          -T are mutually exclusive flags.

     -T file
          Hash the contents of the file.   If  this  and  -s  are
          absent,  the  user  will  be prompted for the secret to
          hash.  -s and -T are mutually exclusive flags.

     -h scheme
          If -h is specified,  one  of  the  following  RFC  2307
          schemes  may  be  specified:   {CRYPT},  {MD5}, {SMD5},
          {SSHA}, and {SHA}.  The default is {SSHA}.

          {SHA} and {SSHA} use the SHA-1 algorithm (FIPS  160-1),
          the latter with a seed.

          {MD5} and {SMD5} use the MD5 algorithm (RFC 1321),  the
          latter with a seed.

          {CRYPT} uses crypt(3).

          {CLEARTEXT} indicates that the new password  should  be
          added to userPassword as clear text.

     -c crypt-salt-format
          Specify the format of the salt passed to crypt(3)  when
          generating  {CRYPT}  passwords. This string needs to be
          in sprintf(3) format and may include one (and only one)
          %s  conversion.   This  conversion  will be substituted
          with a string of random characters from [A-Za-z0-9./].
          For  example,  "%.2s" provides a two character salt and
          "$1$%.8s" tells some versions of crypt(3) to use an MD5
          algorithm  and  provides  8  random characters of salt.
          The default is "%s", which provides  31  characters  of
          salt.
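
     The digest schemes listed under -h, as an added Python example
     (not OpenLDAP code): it builds and checks values laid out as the
     scheme name followed by base64(digest followed by salt), the
     layout OpenLDAP uses for the salted schemes. The names make_hash
     and verify are hypothetical, and the 4-byte salt is an assumption.

```python
import base64
import hashlib
import hmac
import os

# scheme -> (hashlib algorithm, salted?) for the digest schemes listed under -h
SCHEMES = {"{SHA}": ("sha1", False), "{SSHA}": ("sha1", True),
           "{MD5}": ("md5", False), "{SMD5}": ("md5", True)}


def make_hash(secret, scheme="{SSHA}", salt=None):
    """Build a userPassword value: scheme + base64(digest [+ salt])."""
    algo, salted = SCHEMES[scheme]
    if not salted:
        salt = b""
    elif salt is None:
        salt = os.urandom(4)  # assumption: 4 random bytes of salt
    digest = hashlib.new(algo, secret + salt).digest()
    return scheme + base64.b64encode(digest + salt).decode("ascii")


def verify(secret, stored):
    """Check a secret against a stored value; the salt is the tail of the blob."""
    name, sep, b64 = stored.partition("}")
    scheme = (name + sep).upper()
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    algo, salted = SCHEMES[scheme]
    raw = base64.b64decode(b64, validate=True)
    size = hashlib.new(algo).digest_size
    digest, salt = raw[:size], raw[size:]
    if len(digest) != size or (salt and not salted):
        raise ValueError("malformed value for " + scheme)
    candidate = hashlib.new(algo, secret + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare


if __name__ == "__main__":
    secret = b"constructed-secret"  # constructed sample input
    # Unsalted: the same secret always yields the same value.
    print(make_hash(secret, "{SHA}"), make_hash(secret, "{SHA}"))
    # Salted: two runs differ, yet both verify against the secret.
    first, second = make_hash(secret), make_hash(secret)
    print(first, second, verify(secret, first), verify(secret, second))
```

     Unsalted {SHA} and {MD5} values are identical for identical
     secrets, so equal passwords are visible to anyone who can read
     the stored values.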


LIMITATIONS

     The practice of storing hashed  passwords  in   userPassword
     violates Standard Track (RFC 2256) schema specifications and
     may hinder interoperability.  A new attribute type,
     authPassword, to hold hashed passwords has been defined (RFC
     3112), but is not yet implemented in slapd(8).


SECURITY CONSIDERATIONS

     Use of hashed passwords does not  protect  passwords  during
     protocol  transfer.   TLS or other eavesdropping protections
     should be in place before using LDAP simple bind.  The hashed
     password  values  should  be protected as if they were clear
     text passwords.


SEE ALSO

     ldappasswd(1), ldapmodify(1), slapd(8), slapd.conf(5),
     RFC 2307, RFC 2256, RFC 3112

     "OpenLDAP               Administrator's               Guide"
     (http://www.OpenLDAP.org/doc/admin/)


ACKNOWLEDGEMENTS

     OpenLDAP is developed and maintained by The OpenLDAP Project
     (http://www.openldap.org/).    OpenLDAP   is   derived  from
     University of Michigan LDAP 3.3 Release.

OpenLDAP LDVERSION  Last change: RELEASEDATE                    2

