5 Replies Latest reply on Feb 19, 2015 5:32 PM by Peter M

    Password encryption method for "sgpassword" attribute on External LDAP Server

    vbenincasa

      We're trying to set up a Stonegate firewall, and ran into some trouble for the authentication of users coming from an external LDAP Server.

       

      We updated the LDAP schema with the sg-v3.schema, as instructed in the help files.

      Our users and groups are "sguser" and "sggroup" entities, respectively.

      User Authentication method is set to "user password" (but we also tried Radius).

       

      We would like to set up the sgpassword field externally, but we can't get it to be verified correctly by the "login.html" firewall page unless we leave that attribute as clear text (everything works if we leave sgpassword as clear text, but I want to avoid this).

       

      By making some tests by setting up sgpassword directly on the Management Center, I noticed that Stonegate sets up a {md5} base64 encrypted password, and that it also salts it with something - probably a timestamp of some sort, considering that trying the same password, on the same user, results in different hashes.

       

      Everything works correctly when the user password is entered directly via the Management Center, with the software taking care of setting up sgpassword as described above. But I need users to be able to set their passwords externally, instead of setting them manually via the Management Center.

       

      Where can I configure the authentication process of "login.html" more precisely? Or how can I create password hashes that are valid for it?
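
The observation in the post above (the same password on the same user yields a different stored value each time) is what a random salt appended to the digest would produce. The following Python is an added example, not part of the original post and not Stonegate code. It assumes the OpenLDAP-style salted layout `base64(MD5(password + salt) + salt)`, which the post does not confirm the firewall uses; the function names and the sample password are made up for illustration.

```python
import base64
import hashlib
import hmac
import os

MD5_LEN = 16  # an MD5 digest is always 16 bytes


def parse_value(stored):
    """Split '{scheme}base64' into (scheme, digest, salt)."""
    if not stored.startswith("{") or "}" not in stored:
        # No scheme prefix: treat the attribute as a clear-text password.
        return ("cleartext", stored.encode(), b"")
    scheme, b64 = stored[1:].split("}", 1)
    raw = base64.b64decode(b64, validate=True)
    # Assumed layout: bytes beyond the digest length are the appended salt.
    return (scheme.lower(), raw[:MD5_LEN], raw[MD5_LEN:])


def make_value(password, salt=None, scheme="md5"):
    """Build a value as base64(MD5(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.md5(password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())


def verify(password, stored):
    """Recompute the digest with the salt recovered from the stored value."""
    scheme, digest, salt = parse_value(stored)
    if scheme == "cleartext":
        return hmac.compare_digest(password.encode(), digest)
    candidate = hashlib.md5(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    pw = "Constructed-Passw0rd"  # constructed sample, not from the post
    a, b = make_value(pw), make_value(pw)
    print(a)
    print(b)
    print("values differ:", a != b)
    print("salt bytes in first value:", parse_value(a)[2].hex())
    print("both verify:", verify(pw, a) and verify(pw, b))
```

Running `parse_value` on a value written by the Management Center shows whether it decodes to more than 16 bytes; if it does not, the salt is not stored in the attribute this way and the assumed layout does not apply.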