[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_crypt module will change the world



On Mon, Apr 16, 2001 at 06:05:38PM -0500, Steve Langasek wrote:
> Since portability to other OSes is a concern for Linux-PAM, even integrated
> bcrypt support in glibc doesn't eliminate the need for bcrypt support in PAM.

This is assuming that we want to provide support for all password
hashes Linux-PAM modules could handle on all platforms supported by
Linux-PAM.  I'm not sure this needs to be one of Linux-PAM goals.

> One of my long-term aspirations for pam_unix is to reorder the module such
> that it can detect what crypt algorithms are supported by the OS crypt()
> function, and compile in its own implementation for *only* those it needs to
> provide.

This would be an improvement, but I think a more consistent approach
is to provide a library with crypt_rn() and crypt_gensalt_rn(), but
only link the modules against it on platforms which lack one or both
of these functions.  This is assuming we/I will be able to get these
functions into glibc's libcrypt.  If not, then we could do the same
for just crypt().

-- 
/sd





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []