[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP uses crypt() of OpenSSL instead of system libraries (ITS#2123)

To: openldap-its@OpenLDAP.org
Subject: Re: OpenLDAP uses crypt() of OpenSSL instead of system libraries (ITS#2123)
From: owen@iserve01.lis.uiuc.edu
Date: Thu, 3 Oct 2002 16:01:58 GMT

Hi all,

I wrote a patch for openssl-0.9.6e which lets you remove the crypt()
function call.  I've only tested it on RedHat 7.3 and Solaris 8.  It
can be found at

http://www.isrl.uiuc.edu/~owen/

To use the patch, add the 'skip_crypt' flag at configure time:

./config --prefix=/where/you/want shared skip_crypt

On Thu, Oct 03, 2002 at 02:31:26PM +0000, hyc@highlandsun.com wrote:
> The OpenSSL library is defective. See the FAQ-o-Matic.
> http://www.openldap.org/faq/data/cache/185.html
> 
> This is not an OpenLDAP bug, this issue will be closed.
> 
>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support 
> 
> > -----Original Message-----
> > From: owner-openldap-bugs@OpenLDAP.org
> > [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of ast@domdv.de
> > Sent: Thursday, October 03, 2002 3:29 AM
> > To: openldap-its@OpenLDAP.org
> > Subject: OpenLDAP uses crypt() of OpenSSL instead of system libraries
> > (ITS#2123)
> > 
> > 
> > Full_Name: Andreas Steinmetz
> > Version: 2.1.5
> > OS: Linux 2.4
> > URL: 
> > Submission from: (NULL) (217.229.56.110)
> > 
> > 
> > Description:
> > 
> > OpenLDAP links against OpenSSL (-lcrypto) without prior 
> > linking against the
> > proper system library (-lcrypt) so the crypt() function of 
> > OpenSSL is used
> > instad of the system crypt() function.
> > 
> > Problem:
> > 
> > Unfortunately the OpenSSL crypt() function does not handle 
> > MD5 passwords as does
> > the system crypt() function (part of glibc 2.2.5). Thus 
> > transparent migration to
> > OpenLDAP from Shadow or NIS will fail for all more modern 
> > installations as the
> > user passwords are not processed correctly.
> > 
> > Solution:
> > 
> > Assert to link against -lcrypt prior to linking against 
> > -lcrypto on systems
> > which do have an explicit crypt library, i.e. include 
> > LUTIL_LIBS for linking
> > (seems to be defined but ignored) and do it before including TLS_LIBS.
> > 
> > 
> 
> 

-- 
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<>  Brynnen Owen            (     this space for rent                      )<>
<>  owen@uiuc.edu           (                                              )<>
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

Prev by Date: Re: ldappasswd hangs (server deadlock) (ITS#2122)
Next by Date: Re: ACL's using group access do not work (ITS#2118)
Index(es):
- Chronological
- Thread