[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Incorporating md5-BSD-style passwd-hash in openldap

I hadn't seen anymore discussion about this on the list, even though it
seemed like a really good idea.

I put together a patch for it this morning against HEAD.

The config file will take a new parameter that will set the salt-format for
crypt-style password setting.
This configuration directive will be accepted but do nothing if your
platform does not support crypt style passwords.  (this seems to be what
happens for most other config directives)
crypt-salt-format "_abcd%.4s"
crypt-salt-format "%.8s"
crypt-salt-format "$1$%.8s"

If there is no crypt-salt-format configuration directive, everything will
operate as before, with the exception that the salt will be up to 32
characters rather than 8.  All crypt(3) that I know will operate correctly,
but may ignore much of the salt.

This patch is:
Copyright 2001, F5 Networks, All rights reserved.
This software is not subject to any license of F5 Networks.

Redistribution and use in source and binary forms are permitted
without restriction or fee of any kind as long as this notice
is preserved.

-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Friday, May 04, 2001 12:36 PM
To: Paulo Matos
Cc: openldap-devel@OpenLDAP.org
Subject: Re: Incorporating md5-BSD-style passwd-hash in openldap

At 12:11 PM 5/4/01, Paulo Matos wrote:
>On Fri, 4 May 2001, Kurt D. Zeilenga wrote:
>Kurt> Given that I won't have time to write something like this
>Kurt> for quite some time, I was hoping someone else would
>Kurt> volunteer. :-)
>        No problem, you find your volunteer! Now please give some hints!
>(I asked a few questions on the first post)
>        Basically what I need to now other that what I asked before
>is where are parsing functions in order to extract the new config

I suggest a quick hack initially.  Add a static (local to file)
variable to liblutil/passwd.c which holds a point to a format
string (default to NULL) and then code to check if the generate
crypt() password function.  If NULL, do what we do today.  Otherwise,
generate a 16 character long, base64 salt string and snprintf it
into the salt to be passed to crypt using the specified format.  And
an access function which sets the static variable.

In slapd, hack config.c to have an directive which sets the
format via an access function.

Attachment: openldap.patch
Description: Binary data