[Date Prev][Date Next] [Chronological] [Thread] [Top]

Adding crypt(3) salt format (ITS#1202)



Full_Name: Jeff Costlow
Version: HEAD
OS: RH linux 6.2
URL: ftp://ftp.openldap.org/incoming/jcostlow-010612.patch
Submission from: (NULL) (205.229.151.150)


See this thread:
http://www.openldap.org/lists/openldap-devel/200105/msg00020.html

But here's the gist of it anyway:
>Other than to use adaptive code (such as code which calls
>crypt_get_format(3) or like functions) [which is likely a rat
>hole], a single configuration option might resolve this.
>
>        crypt-salt-format "%.2s"
>        crypt-salt-format "%.8s"        (default)
>        crypt-salt-format "_abcd%.4s"
>        crypt-salt-format "$1$%.8s"
>...
>I suggest a quick hack initially.  Add a static (local to file)
>variable to liblutil/passwd.c which holds a point to a format
>string (default to NULL) and then code to check if the generate
>crypt() password function.  If NULL, do what we do today.  Otherwise,
>generate a 16 character long, base64 salt string and snprintf it
>into the salt to be passed to crypt using the specified format.  And
>an access function which sets the static variable.
>
>In slapd, hack config.c to have an directive which sets the
>format via an access function.

This patch is:
Copyright 2001, F5 Networks, Inc, All rights reserved.
This software is not subject to any license of F5 Networks.

This is free software; you can redistribute and use it
under the same terms as OpenLDAP itself.


(Note the license is different than the license with which I submitted the last
patch.  The OpenLDAP project has permission to use the code without crediting F5
Networks.)

Thanks.