SLAPPASSWD(8C)                                     SLAPPASSWD(8C)



NAME
       slappasswd - OpenLDAP password utility

SYNOPSIS
       /usr/sbin/slappasswd  [-v]  [-u] [-s secret] [-h hash] [-c
       salt-format]


DESCRIPTION
       Slappasswd is used to generate a userPassword value suitable
       for use with ldapmodify(1) or the slapd.conf(5) rootpw
       configuration directive.

OPTIONS
       -v     enable verbose mode.

       -u     Generate RFC2307 userPassword values (the default).
              Future versions of this program may generate
              alternative syntaxes by default.  This option is
              provided for forward compatibility.

       -s secret
              The secret to hash.  If not provided, the user will
              be prompted for the secret to hash.

       -h scheme
              If -h is specified, one of  the  following  RFC2307
              schemes  may  be specified: {CRYPT}, {MD5}, {SMD5},
              {SSHA}, and {SHA}.  The default is {SSHA}.

       -c crypt-salt-format
              Specify the format of the salt passed to crypt(3)
              when generating {CRYPT} passwords.  This string
              needs to be in sprintf(3) format and may include
              one (and only one) %s conversion.  This conversion
              will be substituted with a string of random
              characters from [A-Za-z0-9./].  For example, "%.2s"
              provides a two character salt and "$1$%.8s" tells
              some versions of crypt(3) to use an MD5 algorithm
              and provides 8 random characters of salt.  The
              default is "%s", which provides 31 characters of
              salt.

LIMITATIONS
       The practice of storing hashed passwords in userPassword
       violates Standard Track (RFC2256) schema specifications and
       may hinder interoperability.  A new attribute type to hold
       hashed passwords is needed.

SECURITY CONSIDERATIONS
       Use of hashed passwords does not protect passwords during
       protocol transfer.  TLS or other eavesdropping protections
       should be in place before using LDAP simple bind.  The
       hashed password values should be protected as if they were
       clear text passwords.
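
       The sketch below is an added example, not part of the
       original manual page or of OpenLDAP's code.  It lays out the
       {SHA}, {SSHA}, {MD5} and {SMD5} values selected with -h
       (base64 of the digest followed by any salt) and shows that a
       holder of a stored value can test candidate secrets against
       it, which is why the values need the protection described
       above.  The function names and the 4-byte salt length are
       assumptions of this example.

```python
import base64
import hashlib
import hmac
import os

# (digest constructor, digest length, salted?) for the hashed RFC2307 schemes
# listed under -h. {CRYPT} is left out: it depends on the platform crypt(3).
SCHEMES = {
    "{SHA}": (hashlib.sha1, 20, False),
    "{SSHA}": (hashlib.sha1, 20, True),
    "{MD5}": (hashlib.md5, 16, False),
    "{SMD5}": (hashlib.md5, 16, True),
}

def make_value(secret: bytes, scheme: str = "{SSHA}", salt: bytes = None) -> str:
    """Build a userPassword value: scheme + base64(digest [+ salt])."""
    algo, _, salted = SCHEMES[scheme]
    if not salted:
        salt = b""                    # unsalted schemes ignore any salt given
    elif salt is None:
        salt = os.urandom(4)          # salt length is an assumption of this example
    return scheme + base64.b64encode(algo(secret + salt).digest() + salt).decode()

def parse_value(value: str):
    """Split a stored value into (scheme, digest, salt); reject malformed input."""
    end = value.find("}")
    if not value.startswith("{") or end < 0:
        raise ValueError("no scheme prefix")
    scheme = value[:end + 1].upper()
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme " + scheme)
    _, size, salted = SCHEMES[scheme]
    raw = base64.b64decode(value[end + 1:], validate=True)
    if len(raw) < size or (not salted and len(raw) != size):
        raise ValueError("bad digest length")
    return scheme, raw[:size], raw[size:]

def check(secret: bytes, value: str) -> bool:
    """Recompute the digest with the stored salt; compare in constant time."""
    scheme, digest, salt = parse_value(value)
    return hmac.compare_digest(SCHEMES[scheme][0](secret + salt).digest(), digest)

def is_salted(value: str) -> bool:
    """True when the stored value carries salt bytes after the digest."""
    return len(parse_value(value)[2]) > 0
```

       Unsalted {SHA} and {MD5} values are identical for every
       entry that shares a secret, so is_salted() can be run over
       exported userPassword values to find entries worth rehashing.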

SEE ALSO
       ldappasswd(1), ldapmodify(1), slapd(8), slapd.conf(5)

       "OpenLDAP Administrator's Guide"
       (http://www.OpenLDAP.org/doc/admin/)

ACKNOWLEDGEMENTS
       OpenLDAP is developed and maintained by The OpenLDAP Project
       (http://www.openldap.org/).  OpenLDAP is derived from
       University of Michigan LDAP 3.3 Release.



OpenLDAP 2.1.X            20 August 2000           SLAPPASSWD(8C)