
openldap 2.0.7/HP



When working through a test of password verification via Kerberos, I was
initially getting dumps.  I changed the configuration and found that it no
longer dumped, but still didn't authenticate.  I put breakpoints in the
chk_kerberos routine and found that my password had been chopped short.

Looking into the header files, I found that openldap would use the password
prompt of the operating system, if there was one.  HP's man page for getpass
says right up front that it only accepts 8 characters.  I tried my password on
the command line (-w instead of -W) and it worked ok.

I altered include/portable.h to disable use of the getpass() routine, openldap
used its own getpass routine, and the interactive password prompt was fine.

Could openldap be changed to use its own routine always?  I'm not sure why it
should ever depend on HP's 8 character getpass(), and other OS vendors may have
similarly damaged prompt routines.  Are there actually crypt() implementations
that have problems with too-long passwords?  I know crypt() only uses the first
8, but crypt() on the few platforms I've used has not stumbled over longer
passwords.
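
The failure described above is a prompt routine silently cutting the password at 8 characters. As an added illustration (not part of the original message and not OpenLDAP's own code), here is a POSIX prompt reader that turns echo off with termios and reports an error for a line that does not fit the buffer instead of shortening it. The names `read_password` and `read_password_from_string` are hypothetical, and the second only feeds constructed input through a temporary file.

```c
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Hypothetical helper, not OpenLDAP's routine. Returns the password length, or
 * -1 on EOF/error or when the line does not fit in buf (never shortened). */
long read_password(FILE *in, const char *prompt, char *buf, size_t buflen)
{
    struct termios saved, noecho;
    int fd = fileno(in), c;
    int tty = isatty(fd) && tcgetattr(fd, &saved) == 0;
    long result = -1;
    if (buflen < 2) return -1;
    if (tty) {
        noecho = saved;
        noecho.c_lflag &= ~(tcflag_t)ECHO;
        tcsetattr(fd, TCSAFLUSH, &noecho);   /* echo off while typing */
        fputs(prompt, stderr);
    }
    if (fgets(buf, (int)buflen, in) != NULL) {
        size_t n = strlen(buf);
        int eol = n > 0 && buf[n - 1] == '\n';
        if (eol) buf[--n] = '\0';
        if (eol || feof(in)) {
            result = (long)n;                /* whole line was read */
        } else {
            while ((c = getc(in)) != EOF && c != '\n') continue;
            memset(buf, 0, buflen);          /* line too long: discard it */
        }
    }
    if (tty) {
        tcsetattr(fd, TCSAFLUSH, &saved);    /* restore echo */
        fputc('\n', stderr);
    }
    return result;
}

/* Constructed-input driver: runs read_password() over a temporary file. */
long read_password_from_string(const char *input, char *buf, size_t buflen)
{
    FILE *f = tmpfile();
    long n;
    if (f == NULL) return -1;
    fputs(input, f);
    rewind(f);
    n = read_password(f, "Password: ", buf, buflen);
    fclose(f);
    return n;
}
```

A caller that gets -1 can re-prompt or abort, so a mismatch shows up at the prompt rather than as a failed bind later.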