[Date Prev][Date Next]
Re: Adding crypt(3) salt format (ITS#1202)
Committed to HEAD with minor changes. Please test.
At 06:21 PM 6/12/2001, email@example.com wrote:
>Full_Name: Jeff Costlow
>OS: RH linux 6.2
>Submission from: (NULL) (220.127.116.11)
>See this thread:
>But here's the gist of it anyway:
>>Other than to use adaptive code (such as code which calls
>>crypt_get_format(3) or like functions) [which is likely a rat
>>hole], a single configuration option might resolve this.
>> crypt-salt-format "%.2s"
>> crypt-salt-format "%.8s" (default)
>> crypt-salt-format "_abcd%.4s"
>> crypt-salt-format "$1$%.8s"
>>I suggest a quick hack initially. Add a static (local to file)
>>variable to liblutil/passwd.c which holds a point to a format
>>string (default to NULL) and then code to check if the generate
>>crypt() password function. If NULL, do what we do today. Otherwise,
>>generate a 16 character long, base64 salt string and snprintf it
>>into the salt to be passed to crypt using the specified format. And
>>an access function which sets the static variable.
>>In slapd, hack config.c to have an directive which sets the
>>format via an access function.
>This patch is:
>Copyright 2001, F5 Networks, Inc, All rights reserved.
>This software is not subject to any license of F5 Networks.
>This is free software; you can redistribute and use it
>under the same terms as OpenLDAP itself.
>(Note the license is different than the license with which I submitted the last
>patch. The OpenLDAP project has permission to use the code without crediting F5