[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Unix password "extensions"?



On Thu, Oct 19, 2000 at 10:57:56AM -0400, Joseph S D Yao wrote:
> These "extensions" date back to the late 1970's and PWB Unix 1.0.  They
> relate to password aging.  The passwords use regular crypt().  If your
> getpw*() functions don't terminate at the comma, then you can either use
> strncmp() or replace the commas with NULs in-line [but beware of any
> other problems that may cause].

SunOS 4.x used to support this as well. It's really lame because the
info that follows the comma is like a TTL and is validated against the
local lastlog entry.

I don't know much about Unix password hasing algorythms other than
crypt(), so I can't say for sure, which is why you should make sure that
there is no possibility of confusing crypt() passwords with, say, md5
hashed passwords. A decent heuristic for distinguishing crypt()
passwords from others is to check the length of the string: 13
characters indicate it's crypt()ed. With this horrid password aging TTL
scheme that heuristic is broken and so you'll have to work out a
different heuristic or use none at all (i.e., try every hash algorythm
supported).

> It may be that there are other functions of which I'm unaware that
> handle this transparently.

I don't remember any such functions in SunOS.

> -- 
> /*********************************************************************\
> **
> ** Joe Yao				jsdy@tux.org - Joseph S. D. Yao
> **
> \*********************************************************************/


Nico
--





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []