creating password history entries

Jared Rich jrich at dev.creative-tech.com
Tue Nov 16 14:01:22 GMT 2004


I am trying to write a PHP script to create a sambaPasswordHistroy in LDAP.
This is what I, along with some help from previous posts here, have come up
with:


$password = "testthis";
$md4_pwd = shell_exec("/usr/local/sbin/mkntpwd -N $password");

$salt = "7F8CF691B938C5B7A5389F8DCC288B82";

$combo = $salt.$md4_pwd;
$combo = get_bytes($combo);
$md5_pwd = md5($combo);

echo strtoupper($md5_pwd);

function get_bytes($string) {
	$bytes = array("C*");
	for ($i = 0; $i < strlen($string); $i += 2) {
		$bytes[] = intval(substr($string, $i, 2), 16);
	}

	return call_user_func_array('pack', $bytes);
}


In LDAP, the sambaPasswordHistroy attribute looks like this:

7F8CF691B938C5B7A5389F8DCC288B82 72B140CEDEE05AE7A1AA51660109EC45

As can be seen, I have used the first 16 bytes as the salt, and MD4 hashed the
password.  The password is converted to unicode by the mkntpwd program.  I
then concatenated the two values, and got the byte representation of it to
pass to the MD5 function.

Using all this, I should come up with the 2nd 16 bytes in the password
history, but I get this:

BB5CA6C59539D8721DB882F7FE50283F

Am I just not using the pack function properly? Or possibly the MD5 function??
or what?

Thanks,
Jared



More information about the samba-technical mailing list