[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: MD5 passwords



On 12 Jun 1999, Andrew Morgan wrote:

> Anyone (using RH 6.0) want to confirm/deny this?

> Thanks

> Andrew

A quick check on a machine that's been using pam_pwdb with md5 passwords 
since RH4.2 shows that, when changed to authenticate via pam_unix (and the
glibc crypt()), authentication still works as before, which agrees with my
previous observations (I had learned of glibc's md5 support entirely by
accident).  This is on an x86.

Niels, you don't mention here what architecture you're trying this on.  Is
it x86?  If it's something like a Sparc, it's possible that there's an
endianness problem in either pam_pwdb or glibc.

The other possibility I see is if you've removed the magic '$1$' string from
the beginning of the salt when you call crypt(): glibc's crypt() needs the
magic string to be there so that it can identify the salt as an md5 salt.

-Steve Langasek
postmodern programmer

> Date: 12 Jun 1999 16:13:01 +0200
> From: Niels Möller <nisse@lysator.liu.se>
> To: Gergely Madarasz <gorgo@caesar.elte.hu>
> Cc: jdaily@cyberdude.com, PSST mailing list <psst@net.lut.ac.uk>
> Subject: Re: MD5 passwords

> I discovered that when reading the glibc documentation. However, it
> still doesn't work. Say that I have the password "gazonk" on this
> system. I.e. that's a password that I can use to login successfully.
> Then look at the line in /etc/passwd, which contains the encrypted
> password

>   $1$salt$ABCX7Qxx

> I wrote a testprograms that calls glibc:s crypt. If I invoke it with
> the salt taken from the passwd file, and my working password, the
> result does _not_ match the line in /etc/passwd. It appears that pam
> and glibc are not compatible. Although both use the same magic cookie
> $1$. I've now disabled md5-crypt on this system and changed my
> password to get a DES-based encrypted password instead. And now it
> works fine.

> Details: I have glibc-2.1.1, and linux-pam-0.66 (that was what was
> supplied with Redhat-6.0). Can anyone confirm this incompatibility?



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []