[Samba] SSH Server and Hash algorithms

Alex Moen alexm at ndtel.com
Wed Jun 6 07:40:11 MDT 2012


OK… So, I have posted on the CentOS list, comp.security.ssh, and Linux Forums, and no one seems to have heard of this issue or even have any advice for me.  So, I am going to take a shot with the Samba list, since this is related.

I have a CentOS 6.2 server freshly updated. It is authenticating against an OpenLDAP server, and I am having an issue with the hashing algorithms being used by various utilities and servers.

First of all:

authconfig --test | grep hashing
password hashing algorithm is sha512

However, when I change a password using the passwd command, I see the following:

smbldap-usershow alexm at domain.com
dn: uid=alexm at domain.com,ou=domain,o=ndtc
uid: alexm at domain.com
cn: Alex M
mail: alexm at domain.com
...
userPassword: {crypt}$1$kxH/MHL7$.51e8u0CooCalDaXsHSKD/

Crypt? OK, well, it's a crypt (MD5) password even though authconfig says it'll be using sha512... But, I can log in using sshd.

Now, if I change the password using the smbpasswd utility (I'm using "ldap password sync = yes"), and rerun the smbldap-usershow command:

dn: uid=alexm at domain.com,ou=domain,o=ndtc
uid: alexm at domain.com
cn: Alex
mail: alexm at domain.com
...
userPassword: {SSHA}UGRSbhcFL0qLRdj6yWvqRidZPfIiBPYb

OK, now it's an SSHA hash! Hooray! BUT, I can no longer ssh to the server!

WTF??? Anyone have any insights into what I am missing here, and more importantly, how I can fix it? I'd obviously rather use SSHA than MD5...

TIA!

Alex
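
Added example, not part of the original post and not Samba or OpenLDAP code: a Python sketch that classifies the two userPassword values shown in the message by storage scheme and checks a password against an {SSHA} value. It assumes the OpenLDAP conventions that a {CRYPT} body is a crypt(3) string whose `$id$` field selects the algorithm and that {SSHA} is base64(SHA-1(password + salt) + salt); the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

# crypt(3) method ids as they appear in "$id$salt$hash" strings
CRYPT_IDS = {"1": "MD5-crypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt"}


def classify_user_password(value):
    """Return (scheme, detail, salt) for an LDAP userPassword value."""
    if not value.startswith("{") or "}" not in value:
        return ("cleartext-or-unknown", None, None)
    scheme, body = value[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme == "CRYPT":
        # The body is a C-library crypt() string; "$1$" means MD5-crypt.
        parts = body.split("$")
        if len(parts) >= 4 and parts[0] == "":
            detail = CRYPT_IDS.get(parts[1], "unknown id " + parts[1])
            return ("CRYPT", detail, parts[2])
        return ("CRYPT", "traditional DES or unknown", None)
    if scheme == "SSHA":
        # The body is base64 of a 20-byte SHA-1 digest followed by the salt.
        raw = base64.b64decode(body)
        if len(raw) <= 20:
            raise ValueError("SSHA value too short to contain a salt")
        return ("SSHA", "salted SHA-1", raw[20:])
    return (scheme, "not handled in this example", None)


def make_ssha(password, salt=None):
    """Build an {SSHA} value from bytes; random 4-byte salt if none given."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(value, password):
    """Recompute SHA-1(password + salt) and compare in constant time."""
    scheme, _, salt = classify_user_password(value)
    if scheme != "SSHA":
        return False
    raw = base64.b64decode(value.split("}", 1)[1])
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), raw[:20])
```

An {SSHA} value is not a crypt(3) string, so only code that implements the LDAP scheme itself (for example the directory server during a bind) can check a password against it.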


