[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Multiple crypts

I have a problem that I would think has already been solved.
I have scanned the 7 mb of the archive of this list and have
not found anything on target.

Goal: combine multiple domains on one RedHat 7.2 box for authentication
(for other Linux servers for mail, ppp (RADIUS), web etc.)

Existing system has multiple servers running various flavors of BSD.

There are three main crypts (hashes) in use, all the old BSD boxes have crypt.c
modified so they can authenticate all:

    traditional DES-based hashes        13 byte hash includes 2 byte salt
    FreeBSD-style MD5-based hashes                        $1 prefix
    BSDI/FreeSec extended/"new-style" DES-based hashes    _  prefix
(and also Blowfish $2a$ but only for a very few users)

RedHat out of the box understands the first two.

With 10,000 users it is not practical to issue new passwords as
most hashes are "new-style".

So I would like add the "new-style" DES-based hashes - only to authenticate -
new password hashes can all be MD5 -

So I tried adding a check in unix_ckpwd.c for the "_" (underscore) prefix
to call my version of crypt.c to authenticate the "new-style" DES-based hashes -
my code, based on the code in our BSD boxes, was checked in a test environment
and works fine but when I modify unix_ckpwd.c and add my crypt.c module,
named PWCrypt.c and PWCrypt() to avoid any possible name collision,
rebuild and install pam_unix.so, and then try to authenticate, pam complains
that pam_unix.so is not loadable.

I will try to discover what the problem is and fix pam_unix.so -
But in the meanwhile someone, somewhere certainly has faced
this problem because of acquisitions.
Hopefully someone has a pluggable module that will do the trick!

Any help would be appreciated.  I posted to linux.redhat.pam with no luck
so far.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []