ssha, or salted sha is a password encryption method for LDAP, see the OpenLDAP Faq-O-Matic page for details.
To create an LDAP SSHA password entry in Tcl do something along the following lines:
package require sha1 proc ldapPasswordStringSSHA clear { # return ldap password string from clear, generated with SSHA set salt [getSalt 4] set salted [sha1::sha1 -bin ${clear}${salt}] return "{SSHA}[binary encode base64 ${salted}${salt}]" } proc getSalt n { # return a random string with length n set fd [open /dev/random] set salt [read $fd $n] close $fd return $salt }
Notes: