
Volution Manager: Directory Administrator password in cleartext

14th Jun 2002 [SBWID-5453]
COMMAND

	Volution Manager: Directory Administrator password in cleartext

SYSTEMS AFFECTED

	Volution Manager 1.1

PROBLEM

	In Caldera International, Inc.  Security Advisory CSSA-2002-024.0:
	

	Volution Manager stores the unencrypted Directory Administrator's
	password in the /etc/ldap/slapd.conf file.
	

	

SOLUTION

	Volution Manager stores the unencrypted Directory Administrator's
	password in the /etc/ldap/slapd.conf file. The password line looks
	similar to this:
	

	

			rootpw		<clear_text_password>

	

	

	Caldera strongly recommends that you encrypt this password, using the
	following steps:

	As the root user, run slappasswd, entering your desired password at the
	prompts (the example uses newpasswd as the new password; the password
	will not be seen as you type it).
	

	

		# slappasswd

		New password: newpasswd

		Re-enter new password: newpasswd

		{SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz

		#

	

	

	The output is the new, encrypted password. In the file
	/etc/ldap/slapd.conf, replace the previous rootpw line with a line
	containing the new, encrypted password so that the line looks similar
	to this:
	

	

		rootpw		{SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz
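
	The following is an added example, not part of the Caldera advisory: a
	small auditor that flags rootpw lines still holding a cleartext value and
	shows the salted SHA-1 layout behind an {SSHA} string such as the one
	slappasswd printed above. The function names and the sample configuration
	are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.+)$")

def ssha_hash(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(password, stored):
    """Recompute the digest using the salt stored after the first 20 bytes."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def audit_rootpw(conf_text):
    """Return (line_number, verdict) for each rootpw directive in slapd.conf text."""
    findings = []
    for number, line in enumerate(conf_text.splitlines(), 1):
        parts = line.split(None, 1)
        # Comments and lines starting with whitespace (continuations) are skipped.
        if line[:1].isspace() or len(parts) < 2 or parts[0].lower() != "rootpw":
            continue
        value = parts[1].strip().strip('"')
        match = SCHEME_RE.match(value)
        if match is None or match.group(1).upper() == "CLEARTEXT":
            verdict = "cleartext"  # no {SCHEME} prefix: the password itself
        elif match.group(1).upper() == "SSHA":
            try:  # a valid value decodes to a 20-byte digest plus a salt
                ok = len(base64.b64decode(match.group(2), validate=True)) > 20
            except ValueError:
                ok = False
            verdict = "hashed:SSHA" if ok else "malformed"
        else:
            verdict = "hashed:" + match.group(1).upper()
        findings.append((number, verdict))
    return findings

# Constructed sample configuration, not taken from a real system.
SAMPLE_CONF = 'rootdn "cn=admin,o=example"\nrootpw secret123\n#rootpw oldsecret\n'

if __name__ == "__main__":
    print(audit_rootpw(SAMPLE_CONF))
    print(audit_rootpw("rootpw " + ssha_hash("newpasswd")))
```

	Any line reported as cleartext should be replaced with slappasswd output
	as described in the steps above.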

	

	
