[Date Prev][Date Next] [Chronological] [Thread] [Top]

OpenLDAP uses crypt() of OpenSSL instead of system libraries (ITS#2123)



Full_Name: Andreas Steinmetz
Version: 2.1.5
OS: Linux 2.4
URL: 
Submission from: (NULL) (217.229.56.110)


Description:

OpenLDAP links against OpenSSL (-lcrypto) without prior linking against the
proper system library (-lcrypt) so the crypt() function of OpenSSL is used
instad of the system crypt() function.

Problem:

Unfortunately the OpenSSL crypt() function does not handle MD5 passwords as does
the system crypt() function (part of glibc 2.2.5). Thus transparent migration to
OpenLDAP from Shadow or NIS will fail for all more modern installations as the
user passwords are not processed correctly.

Solution:

Assert to link against -lcrypt prior to linking against -lcrypto on systems
which do have an explicit crypt library, i.e. include LUTIL_LIBS for linking
(seems to be defined but ignored) and do it before including TLS_LIBS.