CA Directory: userPassword is inconsistent across copies of CA ldap


Article ID: 102289


Products

DIRECTORY

Issue/Introduction



Why do I see a different hash value for the userPassword attribute for the same user across MW replicated DSAs?

Environment

Release:
Component: ETRDIR

Resolution

What you are seeing is by design: it happens when a password is hashed with a salted algorithm.

In other words, apart from our obfuscation algorithm (-P CADIR, which uses a fixed key), our passwords use one-way hashing algorithms rather than encryption. Salted variants of these algorithms use a random salt so that the outcome of the hash is unique, which protects against precomputed hash attacks (such as rainbow table attacks). This is why you see a different hash value for the same password, while the actual password value itself (thought of as a clear-text value) remains the same.