Logged in as guest
Viewing Software Enhancements/4997 Full headers
Major security issue: yes no
Notes: Notification:
Date: Sat, 2 Jun 2007 06:31:23 GMT From: rra@stanford.edu To: openldap-its@OpenLDAP.org Subject: lmpasswd support using gcrypt
Full_Name: Russ Allbery Version: 2.4 (HEAD) OS: Debian URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341 Submission from: (NULL) (171.66.157.14) Now that 2.4 has native GnuTLS support, the patch that's been sitting around in Debian bug #245341 becomes potentially interesting (see the associated URL). This is a request to support LAN Manager password hashes when OpenLDAP is built with GnuTLS instead of OpenSSL, thus requiring using libgcrypt to do the DES work instead of OpenSSL's DES library. The patch in that bug almost certainly isn't okay in its current form, but I wanted to get the ITS filed for this feature request so that there's a record in the database and just in case someone else feels inspired to bring the patch up to date and clean it up. (Unlikely, I know.) Otherwise, I will probably clean this patch up for further submission at some point near the 2.4 release (on which side of it, I'm not sure).
Cc: openldap-its@OpenLDAP.org From: Kurt Zeilenga <kurt@OpenLDAP.org> Subject: Re: (ITS#4997) lmpasswd support using gcrypt Date: Sat, 2 Jun 2007 06:44:37 -0700 To: rra@stanford.edu
On Jun 2, 2007, at 6:31 AM, rra@stanford.edu wrote: > Full_Name: Russ Allbery > Version: 2.4 (HEAD) > OS: Debian > URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341 > Submission from: (NULL) (171.66.157.14) > > > Now that 2.4 has native GnuTLS support, the patch that's been > sitting around in > Debian bug #245341 becomes potentially interesting (see the > associated URL). > This is a request to support LAN Manager password hashes when > OpenLDAP is built > with GnuTLS instead of OpenSSL, thus requiring using libgcrypt to > do the DES > work instead of OpenSSL's DES library. > > The patch in that bug almost certainly isn't okay in its current form, Note that 3rd party contributions are generally not acceptable (for IPR reasons). That is, we generally require the author(s) of the patch to contribute the patch. If you think this patch is useful, you might suggest to its authors that they contribute it to the Project. In doing so, it's good to provide a link to our contributing guidelines, http://www.openldap.org/devel/ contributing.html. > but I > wanted to get the ITS filed for this feature request so that > there's a record in > the database and just in case someone else feels inspired to bring > the patch up > to date and clean it up. (Unlikely, I know.) Otherwise, I will > probably clean > this patch up for further submission at some point near the 2.4 > release (on > which side of it, I'm not sure). Without involvement from the authors of this patch, it's better to simply rewrite the feature from scratch. -- Kurt
From: Russ Allbery <rra@stanford.edu> To: openldap-its@OpenLDAP.org Subject: Re: (ITS#4997) lmpasswd support using gcrypt Date: Sat, 02 Jun 2007 09:27:49 -0700
Kurt Zeilenga <kurt@OpenLDAP.org> writes: > Without involvement from the authors of this patch, it's better to > simply rewrite the feature from scratch. No problem. The patch is conceptually trivial. I'll plan on reimplementing it from scratch unless I can contact the original author (or possibly anyway if it's faster). -- Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
______________ © Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org
