[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Adding crypt(3) salt format (ITS#1202)

Committed to HEAD with minor changes.  Please test.

At 06:21 PM 6/12/2001, j.costlow@f5.com wrote:
>Full_Name: Jeff Costlow
>Version: HEAD
>OS: RH linux 6.2
>URL: ftp://ftp.openldap.org/incoming/jcostlow-010612.patch
>Submission from: (NULL) (
>See this thread:
>But here's the gist of it anyway:
>>Other than to use adaptive code (such as code which calls
>>crypt_get_format(3) or like functions) [which is likely a rat
>>hole], a single configuration option might resolve this.
>>        crypt-salt-format "%.2s"
>>        crypt-salt-format "%.8s"        (default)
>>        crypt-salt-format "_abcd%.4s"
>>        crypt-salt-format "$1$%.8s"
>>I suggest a quick hack initially.  Add a static (local to file)
>>variable to liblutil/passwd.c which holds a point to a format
>>string (default to NULL) and then code to check if the generate
>>crypt() password function.  If NULL, do what we do today.  Otherwise,
>>generate a 16 character long, base64 salt string and snprintf it
>>into the salt to be passed to crypt using the specified format.  And
>>an access function which sets the static variable.
>>In slapd, hack config.c to have an directive which sets the
>>format via an access function.
>This patch is:
>Copyright 2001, F5 Networks, Inc, All rights reserved.
>This software is not subject to any license of F5 Networks.
>This is free software; you can redistribute and use it
>under the same terms as OpenLDAP itself.
>(Note the license is different than the license with which I submitted the last
>patch.  The OpenLDAP project has permission to use the code without crediting F5