[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Unix password "extensions"?



On Tue, Oct 17, 2000 at 02:47:14PM -0400, Nalin Dahyabhai wrote:
> Since shipping our most recent release using pam_unix instead of pam_pwdb,
> we've gotten reports from users having problems authenticating using NIS
> servers running on HP/UX.  It looks like the the pw_passwd or sp_pwdp
> fields have additional data in them, which is marked by appending a comma
> to the real data (similar to the way the gecos information is formatted).
> 
> Given that md5 crypt() allows commas in the salt, would the right way to
> work around this be to use strncmp() instead of strcmp() to compare the
> hashed values for md5 passwords, and to terminate the copy read from the
> file at the first comma for other (crypt/bigcrypt) cases?
> 
> Nalin

These "extensions" date back to the late 1970's and PWB Unix 1.0.  They
relate to password aging.  The passwords use regular crypt().  If your
getpw*() functions don't terminate at the comma, then you can either use
strncmp() or replace the commas with NULs in-line [but beware of any
other problems that may cause].

It may be that there are other functions of which I'm unaware that
handle this transparently.

-- 
/*********************************************************************\
**
** Joe Yao				jsdy@tux.org - Joseph S. D. Yao
**
\*********************************************************************/





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []