[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
MD5 unix passwords problems
Hi !
I migrated my /etc/passwd md5 password file to ldap, to authenticate
users with pam_ldap and nss_ldap. I'm running PCs under Linux redhat 6.2
and mandrake 7.1.
It worked fine until I wanted to update users passwords with the
'passwd' command.
Indeed I was unable to modify the ldap entry because it did not
understand '$1$salt$sdsdcsdc' md5 style unix passwords.
It seems that openldap uses the std 'crypt()' function (which supports
md5 and des), but if you compile openldap with openssl, then crypt() is
taken from libcrypto.so and the latter only supports DES passwords.
So, here is my ugly patch: replace crypt() by fcrypt() in
libraries/liblutil/passwd.c in order to be sure to use the glibc crypt.
Maybe, we could put some '#if#else' statements that would enable the
hack when compiled with openssl ??
regards,
Ludovic Drolez.
--- passwd.c.orig Wed Jan 31 16:20:03 2001
+++ passwd.c Fri Feb 2 10:55:22 2001
@@ -828,7 +828,7 @@
return -1; /* passwd must behave like a string */
}
- cr = crypt( cred->bv_val, passwd->bv_val );
+ cr = fcrypt( cred->bv_val, passwd->bv_val );
if( cr == NULL || cr[0] == '\0' ) {
/* salt must have been invalid */
@@ -899,7 +899,7 @@
return -1;
}
- cr = crypt(cred->bv_val, pw);
+ cr = fcrypt(cred->bv_val, pw);
if( cr == NULL || cr[0] == '\0' ) {
/* salt must have been invalid *
/@@ -1038,7 +1038,7 @@
salt[1] = crypt64[ salt[1] % (sizeof(crypt64)-1) ];
salt[2] = '\0';
- hash.bv_val = crypt( passwd->bv_val, salt );
+ hash.bv_val = fcrypt( passwd->bv_val, salt );
if( hash.bv_val == NULL ) return NULL;