passlib.hash.ldap_crypt - LDAP crypt() Wrappers¶
Passlib provides support for all the standard LDAP hash formats specified by RFC 2307. One of these, identified by RFC 2307 as the {CRYPT} scheme, is somewhat different from the others. Instead of specifying a password hashing scheme, it’s supposed to wrap the host OS’s crypt(). Being host-dependant, the actual hashes supported by this scheme may differ greatly between host systems. In order to provide uniform support across platforms, Passlib defines a corresponding ldap_crypt-scheme class for each of the standard unix hashes. These classes all wrap the underlying implementations documented elsewhere in Passlib, and can be used directly as follows:
>>> from passlib.hash import ldap_md5_crypt
>>> # encrypt password
>>> hash = ldap_md5_crypt.encrypt("password")
>>> hash
'{CRYPT}$1$gwvn5BO0$3dyk8j.UTcsNUPrLMsU6/0'
>>> # verify password
>>> ldap_md5_crypt.verify("password", hash)
True
>>> ldap_md5_crypt.verify("secret", hash)
False
>>> # determine if the underlying crypt() algorithm is supported
>>> # by your host OS, or if the builtin Passlib implementation is being used.
>>> # "os_crypt" - host supported; "builtin" - passlib version
>>> ldap_md5_crypt.get_backend()
"os_crypt"
See also
- password hash usage – for more usage examples
- ldap_{digest} – for the other standard LDAP hashes.
- passlib.apps – for a list of premade ldap contexts.
Interface¶
- class passlib.hash.ldap_des_crypt¶
- class passlib.hash.ldap_bsdi_crypt¶
- class passlib.hash.ldap_md5_crypt¶
- class passlib.hash.ldap_bcrypt¶
- class passlib.hash.ldap_sha1_crypt¶
- class passlib.hash.ldap_sha256_crypt¶
- class passlib.hash.ldap_sha512_crypt¶
All of these classes have the same interface as their corresponding underlying hash (e.g. des_crypt, md5_crypt, etc).
Footnotes
| [1] | The manpage for slappasswd - http://gd.tuwien.ac.at/linuxcommand.org/man_pages/slappasswd8.html. |
| [2] | The basic format for these hashes is laid out in RFC 2307 - http://www.ietf.org/rfc/rfc2307.txt |
