
Re: [Fwd: MD5 passwords]



On Sat, 12 Jun 1999, Andrew Morgan wrote:

I'm using RH6.0, and it works fine with me.  Check this quick thing, maybe
it's just a Debian thing...

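#include <stdio.h>
#include <string.h>
#include <crypt.h>

/* link with -lcrypt */
int main()
{
   /* salt[] must hold "$1$" + 8 salt characters + NUL (12 bytes) */
   char salt[16],plainpass[90];
   char *cryptpass;

   strcpy (salt,"$1$ERTy/TxB");
   strcpy (plainpass,"test");
   cryptpass = crypt(plainpass, salt);
   if (cryptpass == NULL) {
      /* crypt() returns NULL when it cannot handle the setting string */
      perror ("crypt");
      return 1;
   }
   /* reference string first, then what this libc's crypt() returns */
   printf ("$1$ERTy/TxB$8SvpOpvsBPaAuLWlZIiNA0\n");
   printf ("%s\n", cryptpass);
   return 0;
}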

> Anyone (using RH 6.0) want to confirm/deny this?
> 
> Thanks
> 
> Andrew

---
tani hosokawa
river styx internet

--- Begin Message ---
Gergely Madarasz <gorgo@caesar.elte.hu> writes:

> md5 passwords are handled by glibc2 transparently (and libc5 since 5.4.42
> or something), so just calling crypt() with the whole encrypted
> password should work. At least it worked for me on Debian/i386 with glibc
> 2.0 and glibc 2.1.

I discovered that when reading the glibc documentation. However, it
still doesn't work. Say that I have the password "gazonk" on this
system. I.e. that's a password that I can use to login successfully.
Then look at the line in /etc/passwd, which contains the encrypted
password

  $1$salt$ABCX7Qxx

I wrote a test program that calls glibc's crypt. If I invoke it with
the salt taken from the passwd file, and my working password, the
result does _not_ match the line in /etc/passwd. It appears that pam
and glibc are not compatible, although both use the same magic cookie
$1$. I've now disabled md5-crypt on this system and changed my
password to get a DES-based encrypted password instead. And now it
works fine.

Details: I have glibc-2.1.1, and linux-pam-0.66 (that was what was
supplied with Redhat-6.0). Can anyone confirm this incompatibility?
One of its consequences is that if you have a system with these
versions of glibc and linux-pam, and a lot of users with
md5-passwords, and you decide to uninstall PAM, or replace the
pam_pwdb module with a module that uses the crypt()-function from
glibc, those users will no longer be able to log in. If the root
password was encrypted with md5, you may have to dig out your boot
floppies (which would be a little difficult for me; I have no floppy
and no CD in the machine).

BTW, I have created a new snapshot, lsh-0.1.1. It has some problems
with POLLHUP (also on linux). Suggestions about the Right way to
handle POLLHUP, POLLERR and POLLPRI are appreciated.

Regards,
/Niels



--- End Message ---
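
When crypt() and the entry in the passwd file disagree, as described in the forwarded message, an independent implementation of the $1$ (MD5-crypt) scheme gives a third result to compare both against. The following is an added example, not code from this thread, glibc or Linux-PAM; the names md5_crypt and verify are this example's own, and it passes the whole stored string as the setting, the way the thread says crypt() should be called.

```python
import hashlib
import hmac
# Added example: md5_crypt() and verify() are hypothetical names, not a library API.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = "$1$"

def md5_crypt(password: str, setting: str) -> str:
    """MD5-crypt of password; setting is '$1$salt' or a full '$1$salt$hash'."""
    if not setting.startswith(MAGIC):
        raise ValueError("not a $1$ (MD5-crypt) setting")
    salt = setting[len(MAGIC):].split("$", 1)[0][:8].encode()
    pw = password.encode()
    alt = hashlib.md5(pw + salt + pw).digest()
    ctx = hashlib.md5(pw + MAGIC.encode() + salt)
    for left in range(len(pw), 0, -16):      # one alt-digest byte per password byte
        ctx.update(alt[:min(16, left)])
    n = len(pw)
    while n:                                 # one byte per bit of the password length
        ctx.update(b"\0" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):                    # fixed 1000-round stretching loop
        parts = [pw if i & 1 else final]
        if i % 3:
            parts.append(salt)
        if i % 7:
            parts.append(pw)
        parts.append(final if i & 1 else pw)
        final = hashlib.md5(b"".join(parts)).digest()
    out = []
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        v = final[a] << 16 | final[b] << 8 | final[c]
        out += [ITOA64[v >> s & 0x3F] for s in (0, 6, 12, 18)]
    out += [ITOA64[final[11] & 0x3F], ITOA64[final[11] >> 6]]
    return MAGIC + salt.decode() + "$" + "".join(out)

def verify(password: str, stored: str) -> bool:
    """Recompute with the stored string as the setting; constant-time compare."""
    try:
        candidate = md5_crypt(password, stored)
    except ValueError:
        return False
    return hmac.compare_digest(candidate.encode(), stored.encode())

if __name__ == "__main__":
    # Hash string printed by the test program in the reply above
    posted = "$1$ERTy/TxB$8SvpOpvsBPaAuLWlZIiNA0"
    print(md5_crypt("test", posted))
    print("matches posted string:", verify("test", posted))
```

If this result agrees with crypt() but not with the passwd entry, the entry was written by the side that deviates, and the reverse holds as well.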
