OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Software Enhancements/4997
Full headers

From: rra@stanford.edu
Subject: lmpasswd support using gcrypt
Compose comment
Download message
State:
0 replies:
2 followups: 1 2

Major security issue: yes  no

Notes:

Notification:


Date: Sat, 2 Jun 2007 06:31:23 GMT
From: rra@stanford.edu
To: openldap-its@OpenLDAP.org
Subject: lmpasswd support using gcrypt
Full_Name: Russ Allbery
Version: 2.4 (HEAD)
OS: Debian
URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341
Submission from: (NULL) (171.66.157.14)


Now that 2.4 has native GnuTLS support, the patch that's been sitting around in
Debian bug #245341 becomes potentially interesting (see the associated URL). 
This is a request to support LAN Manager password hashes when OpenLDAP is built
with GnuTLS instead of OpenSSL, thus requiring using libgcrypt to do the DES
work instead of OpenSSL's DES library.

The patch in that bug almost certainly isn't okay in its current form, but I
wanted to get the ITS filed for this feature request so that there's a record in
the database and just in case someone else feels inspired to bring the patch up
to date and clean it up.  (Unlikely, I know.)  Otherwise, I will probably clean
this patch up for further submission at some point near the 2.4 release (on
which side of it, I'm not sure).


Followup 1

Download message
Cc: openldap-its@OpenLDAP.org
From: Kurt Zeilenga <kurt@OpenLDAP.org>
Subject: Re: (ITS#4997) lmpasswd support using gcrypt
Date: Sat, 2 Jun 2007 06:44:37 -0700
To: rra@stanford.edu
On Jun 2, 2007, at 6:31 AM, rra@stanford.edu wrote:

> Full_Name: Russ Allbery
> Version: 2.4 (HEAD)
> OS: Debian
> URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341
> Submission from: (NULL) (171.66.157.14)
>
>
> Now that 2.4 has native GnuTLS support, the patch that's been  
> sitting around in
> Debian bug #245341 becomes potentially interesting (see the  
> associated URL).
> This is a request to support LAN Manager password hashes when  
> OpenLDAP is built
> with GnuTLS instead of OpenSSL, thus requiring using libgcrypt to  
> do the DES
> work instead of OpenSSL's DES library.
>
> The patch in that bug almost certainly isn't okay in its current form,

Note that 3rd party contributions are generally not acceptable (for  
IPR reasons).
That is, we generally require the author(s) of the patch to  
contribute the patch.
If you think this patch is useful, you might suggest to its authors  
that they
contribute it to the Project.  In doing so, it's good to provide a  
link to our
contributing guidelines, http://www.openldap.org/devel/ 
contributing.html.

> but I
> wanted to get the ITS filed for this feature request so that  
> there's a record in
> the database and just in case someone else feels inspired to bring  
> the patch up
> to date and clean it up.  (Unlikely, I know.)  Otherwise, I will  
> probably clean
> this patch up for further submission at some point near the 2.4  
> release (on
> which side of it, I'm not sure).

Without involvement from the authors of this patch, it's better to  
simply
rewrite the feature from scratch.

-- Kurt



Followup 2

Download message
From: Russ Allbery <rra@stanford.edu>
To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4997) lmpasswd support using gcrypt
Date: Sat, 02 Jun 2007 09:27:49 -0700
Kurt Zeilenga <kurt@OpenLDAP.org> writes:

> Without involvement from the authors of this patch, it's better to
> simply rewrite the feature from scratch.

No problem.  The patch is conceptually trivial.  I'll plan on
reimplementing it from scratch unless I can contact the original author
(or possibly anyway if it's faster).

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>


Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org