
Re: Adding crypt(3) salt format (ITS#1202)



Committed to HEAD with minor changes.  Please test.
        Kurt

At 06:21 PM 6/12/2001, j.costlow@f5.com wrote:
>Full_Name: Jeff Costlow
>Version: HEAD
>OS: RH linux 6.2
>URL: ftp://ftp.openldap.org/incoming/jcostlow-010612.patch
>Submission from: (NULL) (205.229.151.150)
>
>
>See this thread:
>http://www.openldap.org/lists/openldap-devel/200105/msg00020.html
>
>But here's the gist of it anyway:
>>Other than to use adaptive code (such as code which calls
>>crypt_get_format(3) or like functions) [which is likely a rat
>>hole], a single configuration option might resolve this.
>>
>>        crypt-salt-format "%.2s"
>>        crypt-salt-format "%.8s"        (default)
>>        crypt-salt-format "_abcd%.4s"
>>        crypt-salt-format "$1$%.8s"
>>...
>>I suggest a quick hack initially.  Add a static (local to file)
>>variable to liblutil/passwd.c which holds a pointer to a format
>>string (default to NULL) and then code to check if the generate
>>crypt() password function.  If NULL, do what we do today.  Otherwise,
>>generate a 16 character long, base64 salt string and snprintf it
>>into the salt to be passed to crypt using the specified format.  And
>>an access function which sets the static variable.
>>
>>In slapd, hack config.c to have a directive which sets the
>>format via an access function.
>
>This patch is:
>Copyright 2001, F5 Networks, Inc, All rights reserved.
>This software is not subject to any license of F5 Networks.
>
>This is free software; you can redistribute and use it
>under the same terms as OpenLDAP itself.
>
>
>(Note the license is different than the license with which I submitted the last
>patch.  The OpenLDAP project has permission to use the code without crediting F5
>Networks.)
>
>Thanks.
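
The salt-format scheme described in the quoted proposal, sketched as an added example; it is not part of the original messages or of the patch committed to OpenLDAP. The names set_salt_format and make_crypt_salt are hypothetical, and the format check is an addition made here because the configured string is handed to snprintf as its format.

```c
#include <stdio.h>
#include <string.h>

static const char salt_chars[] = /* crypt(3) salt alphabet, 64 entries */
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
static const char *salt_format = NULL; /* NULL selects the default */

/* Hypothetical setter. Accepts only formats with exactly one conversion, of
 * the form %s or %.<digits>s ("%%" is a literal percent); anything else (%n,
 * %d, a second %s) is undefined behaviour with the one string argument
 * passed. Keeps the pointer, so fmt must outlive its use. Returns 0, or -1. */
int set_salt_format(const char *fmt)
{
    int conversions = 0;
    const char *p;
    if (fmt == NULL) { salt_format = NULL; return 0; }
    for (p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (*++p == '%') continue;
        if (*p == '.') p += 1 + strspn(p + 1, "0123456789");
        if (*p != 's') return -1;
        conversions++;
    }
    if (conversions != 1) return -1;
    salt_format = fmt;
    return 0;
}

/* Map 16 random bytes onto the salt alphabet and snprintf them through the
 * format (assumed "%.8s" when unset). Returns 0, or -1 if out is too small. */
int make_crypt_salt(const unsigned char rnd[16], char *out, size_t outlen)
{
    char raw[17] = {0};
    int i, n;
    for (i = 0; i < 16; i++) raw[i] = salt_chars[rnd[i] & 0x3f];
    n = snprintf(out, outlen, salt_format ? salt_format : "%.8s", raw);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    unsigned char rnd[16];
    char salt[32];
    FILE *f = fopen("/dev/urandom", "rb"); /* entropy for the demo run */
    if (!f || fread(rnd, 1, sizeof rnd, f) != sizeof rnd) return 1;
    fclose(f);
    if (set_salt_format("$1$%.8s") || make_crypt_salt(rnd, salt, sizeof salt)) return 1;
    return puts(salt) < 0;
}
```

The resulting string is what gets passed as the salt argument of crypt(3); which prefixes that call understands depends on the platform's libc.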