[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Incompatable crypt? (ITS#970)



Multiple libraries provide a crypt(3) implementation including
OpenSSL and your system libraries.  The best way to avoid this
problem is to hack OpenSSL not to provide a crypt(3).  If your
system supplies crypt(3) in -lcrypt or -lutil, you might try
reordering of the libraries (by editing config.status and
then runnng it to generate new make files).  However, if
crypt(3) is in -lc, adding an explicit -lc early in the
library set is NOT recommended.

Personally, I recommend hacking OpenSSL.

At 07:15 AM 1/18/01 +0000, brad@mrunix.net wrote:
>Full_Name: Bradford L. Barrett
>Version: 2.0.7
>OS: Linux (Slack71/2.4.0)
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (158.252.70.87)
>
>
>Crypt password problem.  OpenLDAP 1.2.11 worked just fine with crypt passwords
>generated from the /etc/shadow file.. OpenLDAP 2.0.7 doesn't, and appears to
>only work with those generated by slappasswd.  Problem appears to be in the
>hashed strings generated by the two different methods.. example, the password
>"password" looks like the following for each method:
>
>$1$WtcNush3$mMDxjvuWtl73gmfL51QBU0         <-- system password (libcrypt)
>
>sEnmZiwqQzR.U                              <-- slappasswd generated
>
>Hashed passwords of the the first form used to work w/1.2.x, and now
>they don't in 2.0.x... the only ones that will work is the second form.
>I've checked the executables with ldd, and they all show that they
>are linked to libcrypt.so, but it appears that it's not being used
>and instead perhaps an internal crypt function is being used?  I'm
>at a loss here, and there isn't any way for me to easily convert all
>my users passwords to the simplified form of crypt that appears to
>be being used.  Any help would be very much appreciated..