Archive

Posts Tagged ‘PHP’

Hacking the Kerberos

February 14th, 2012 1 comment

In the spare time I’ve had in Melbourne, I’ve written a small Ajax app called kpassweb to do Kerberos password changes. Configuration on the backend is pretty minimal. As it turned out, the backend PHP Pecl library kadm5 doesn’t work with current versions of Kerberos, so I’ve also written a patch to get that working.

It’s not quite finished, since compiling with the patch still produces a bunch of deprecated symbols from the Zend PHP interface, but it makes it usable.

As a side note, this was all done on my venerable Atom CPU netbook with a whole 8GB of storage, with connectivity snaffled from the Melbourne city library, McDonalds, and over an epically slow cellular connection. I really don’t recommend this.

Categories: Tech Tags: , , , , ,

Password hashes for OpenLDAP in PHP 5

May 26th, 2010 2 comments

Having spent far too long trying to work out to make PHP 5 create usable password hashes for OpenLDAP from examples on the Internet (hint, comments on the md5() function on php.net are dangerously wrong), I resorted to reading the RFCs and writing the code myself. This is posted below for other people who might have the same problem.

# This will generate an MD5 sum hash.
$encrypted_password = '{MD5}' . base64_encode(md5( $newpassword,TRUE));

# This will generate a SHA-1 hashed password.
$encrypted_password = '{SHA}' . base64_encode(sha1( $newpassword, TRUE ));

# This will generate a SHA-1 hashed password with a salt.
$encrypted_password = '{SSHA}' . base64_encode(sha1( $newpassword.$salt, TRUE ). $salt);

References:
RFC 2307
RFC 3112
OpenLDAP Faq-O-Matic

Versions:
PHP: 5.2.10 (Ubuntu Karmic/9.10)
OpenLDAP (Ubuntu Lucid/10.4)

Categories: Tech Tags: , , , , , ,