[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: OpenLDAP uses crypt() of OpenSSL instead of system libraries (ITS#2123)



The OpenSSL library is defective. See the FAQ-o-Matic.
http://www.openldap.org/faq/data/cache/185.html

This is not an OpenLDAP bug, this issue will be closed.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support 

> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of ast@domdv.de
> Sent: Thursday, October 03, 2002 3:29 AM
> To: openldap-its@OpenLDAP.org
> Subject: OpenLDAP uses crypt() of OpenSSL instead of system libraries
> (ITS#2123)
> 
> 
> Full_Name: Andreas Steinmetz
> Version: 2.1.5
> OS: Linux 2.4
> URL: 
> Submission from: (NULL) (217.229.56.110)
> 
> 
> Description:
> 
> OpenLDAP links against OpenSSL (-lcrypto) without prior 
> linking against the
> proper system library (-lcrypt) so the crypt() function of 
> OpenSSL is used
> instad of the system crypt() function.
> 
> Problem:
> 
> Unfortunately the OpenSSL crypt() function does not handle 
> MD5 passwords as does
> the system crypt() function (part of glibc 2.2.5). Thus 
> transparent migration to
> OpenLDAP from Shadow or NIS will fail for all more modern 
> installations as the
> user passwords are not processed correctly.
> 
> Solution:
> 
> Assert to link against -lcrypt prior to linking against 
> -lcrypto on systems
> which do have an explicit crypt library, i.e. include 
> LUTIL_LIBS for linking
> (seems to be defined but ignored) and do it before including TLS_LIBS.
> 
>