I hadn't seen any more discussion about this on the list, even though it seemed like a really good idea. I put together a patch for it this morning against HEAD.

Notes:

The config file will take a new parameter that will set the salt-format for crypt-style password setting. This configuration directive will be accepted but do nothing if your platform does not support crypt style passwords. (This seems to be what happens for most other config directives.)

    crypt-salt-format "_abcd%.4s"
    crypt-salt-format "%.8s"
    crypt-salt-format "$1$%.8s"

If there is no crypt-salt-format configuration directive, everything will operate as before, with the exception that the salt will be up to 32 characters rather than 8. All crypt(3) that I know will operate correctly, but may ignore much of the salt.

This patch is:

Copyright 2001, F5 Networks, All rights reserved.
This software is not subject to any license of F5 Networks.
Redistribution and use in source and binary forms are permitted without restriction or fee of any kind as long as this notice is preserved.

-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Friday, May 04, 2001 12:36 PM
To: Paulo Matos
Cc: openldap-devel@OpenLDAP.org
Subject: Re: Incorporating md5-BSD-style passwd-hash in openldap

At 12:11 PM 5/4/01, Paulo Matos wrote:
>On Fri, 4 May 2001, Kurt D. Zeilenga wrote:
>
>Kurt> Given that I won't have time to write something like this
>Kurt> for quite some time, I was hoping someone else would
>Kurt> volunteer. :-)
>
>       No problem, you find your volunteer! Now please give some hints!
>(I asked a few questions on the first post)
>       Basically what I need to know other than what I asked before
>is where are parsing functions in order to extract the new config
>parameter.

I suggest a quick hack initially. Add a static (local to file) variable to liblutil/passwd.c which holds a pointer to a format string (default to NULL) and then code to check if the generate crypt() password function. If NULL, do what we do today. Otherwise, generate a 16 character long, base64 salt string and snprintf it into the salt to be passed to crypt using the specified format. And an access function which sets the static variable. In slapd, hack config.c to have a directive which sets the format via an access function.

Attachment:
openldap.patch
Description: Binary data
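
The salt-format step discussed in this thread, as an added example that is not the attached patch or OpenLDAP's own code: it builds the salt string for crypt(3) from a configured format and refuses any format other than a single %s conversion, because the format string comes from the config file and is passed to snprintf. The names salt_format_ok and build_salt are hypothetical, the sample salt is constructed rather than random, and the crypt(3) call itself is left out.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical check: allow exactly one "%s" or "%.Ns" conversion ("%%" is a
 * literal percent); anything else (%n, %d, a second %s) is refused. */
int salt_format_ok(const char *fmt)
{
    int conversions = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;
        if (*p == '.') {
            p++;
            if (*p < '0' || *p > '9') return 0;
            while (*p >= '0' && *p <= '9') p++;
        }
        if (*p != 's') return 0;
        conversions++;
    }
    return conversions == 1;
}

/* Hypothetical helper: write the salt argument for crypt(3) into out from the
 * caller's base64 salt. Returns 0, or -1 on a refused format or truncation. */
int build_salt(const char *fmt, const char *entropy, char *out, size_t outlen)
{
    int n;
    if (fmt == NULL)
        n = snprintf(out, outlen, "%s", entropy);  /* no directive set */
    else if (!salt_format_ok(fmt))
        return -1;
    else
        n = snprintf(out, outlen, fmt, entropy);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    const char *entropy = "abcdefghijklmnop";  /* constructed sample, not random */
    const char *fmts[] = { "_abcd%.4s", "%.8s", "$1$%.8s", "%s%n" };
    char salt[64];
    for (size_t i = 0; i < sizeof fmts / sizeof fmts[0]; i++) {
        if (build_salt(fmts[i], entropy, salt, sizeof salt) == 0)
            printf("%-12s -> %s\n", fmts[i], salt);
        else
            printf("%-12s -> refused\n", fmts[i]);
    }
    return 0;
}
```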