Goal: combine multiple domains on one RedHat 7.2 box for authentication
(for other Linux servers for mail, ppp (RADIUS), web etc.)
Existing system has multiple servers running various flavors of BSD.
There are three main crypts (hashes) in use, all the old BSD boxes
modified so they can authenticate all:
traditional DES-based hashes
13 byte hash includes 2 byte salt
FreeBSD-style MD5-based hashes $1 prefix
BSDI/FreeSec extended/"new-style" DES-based hashes _ prefix
(and also Blowfish $2a$ but only for a very few users)
RedHat out of the box understands the first two.
With 10,000 users it is not practical to issue new passwords as
most hashes are "new-style".
So I would like add the "new-style" DES-based hashes - only to authenticate
new password hashes can all be MD5 -
So I tried adding a check in unix_ckpwd.c for the "_" (underscore)
to call my version of crypt.c to authenticate the "new-style" DES-based hashes -
my code, based on the code in our BSD boxes, was checked in a test environment
and works fine but when I modify unix_ckpwd.c and add my crypt.c module,
named PWCrypt.c and PWCrypt() to avoid any possible name collision,
rebuild and install pam_unix.so, and then try to authenticate, pam complains
that pam_unix.so is not loadable.
I will try to discover what the problem is and fix pam_unix.so -
But in the meanwhile someone, somewhere certainly has faced
this problem because of acquisitions.
Hopefully someone has a pluggable module that will do the trick!
Any help would be appreciated. I posted to linux.redhat.pam
with no luck