(S)SHA512/384/256 hash methods for LDAP userPassword

Hi,

I’m using PrivacyIDEA with OpenLDAP as user account storage.
I have noticed an issue:
When I try to log in with an account having userPassword field hashed
with SHA256, SHA384, SHA512 or SSHA256, SSHA384, SSHA512 it fails with the
message “Authentication failed. Wrong credentials”.
Everything works with MD5, SSHA, SHA, SMD5 instead.

Does PrivacyIDEA support those methods?

Thank you!

Hello Caruso.Daniele,

When authenticating against the LDAP store, privacyIDEA performs a bind
against LDAP. At this point privacyIDEA uses the underlying ldap3 Python
library, which is a really great LDAP client implementation.

To see at which point the problem arises, please turn on debug level
and provide the complete privacyidea.log when trying to
authenticate.

Thanks a lot
Cornelius

Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suits your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/50f01419-9948-4ed5-bda4-54237e8db02f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel


Hello Cornelius,

I think the problem is at a lower level… in OpenLDAP… so this is not a
PrivacyIDEA problem.
Thank you so much for your answer.

Daniele
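
Since authentication here is an LDAP bind, the directory server, not privacyIDEA or ldap3, is what evaluates the userPassword hash. The following is an added example, not code from the thread or from privacyIDEA: it checks a stored userPassword value against a password offline, which helps tell a malformed hash apart from a server that does not handle the scheme. It assumes the common `{SCHEME}base64(digest + salt)` layout; the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Scheme name -> (hashlib algorithm, salted?). Names are the ones listed in the thread.
SCHEMES = {
    "MD5": ("md5", False), "SMD5": ("md5", True),
    "SHA": ("sha1", False), "SSHA": ("sha1", True),
    "SHA256": ("sha256", False), "SSHA256": ("sha256", True),
    "SHA384": ("sha384", False), "SSHA384": ("sha384", True),
    "SHA512": ("sha512", False), "SSHA512": ("sha512", True),
}

def make_user_password(scheme, password, salt=b""):
    """Build a '{SCHEME}base64(digest [+ salt])' value (used for constructed samples)."""
    algo, salted = SCHEMES[scheme.upper()]
    if not salted:
        salt = b""
    digest = hashlib.new(algo, password + salt).digest()
    return "{%s}%s" % (scheme.upper(), base64.b64encode(digest + salt).decode())

def check_user_password(stored, password):
    """Return (scheme, ok). Raises ValueError on an unknown or malformed value."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("no {SCHEME} prefix (cleartext or foreign format)")
    scheme, b64 = stored[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    algo, salted = SCHEMES[scheme]
    raw = base64.b64decode(b64, validate=True)
    size = hashlib.new(algo).digest_size
    # Unsalted values are exactly one digest long; salted ones carry the salt after it.
    if len(raw) < size or (not salted and len(raw) != size):
        raise ValueError("wrong digest length for " + scheme)
    digest, salt = raw[:size], raw[size:]
    expected = hashlib.new(algo, password + salt).digest()
    return scheme, hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for name in ("SSHA", "SHA256", "SSHA512"):
        value = make_user_password(name, b"s3cret", salt=b"\x01\x02\x03\x04")
        print(value, check_user_password(value, b"s3cret"))
```

If a value verifies here but the bind still fails for that scheme only, the stored hash is sound and the server's handling of the scheme is the place to look.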