[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Making Linux use Blowfish for passwd/shadow encryption

On Thu, Sep 25, 2003 at 04:16:20PM -0600, Rennie deGraaf wrote:
> Well, if all the applications that would need to authenticate use PAM, 
> someone could write a PAM module (or a patch on pam_unix) that checks if 
> the stored hash is a Blowfish hash (what's the code, $2?) and checks it 
> itself, and if not, passes it on to crypt().  That would take some 
> coding and a knowledge of Blowfish, but it's not as invasive as 
> installing a new libc.

But it's also even more of a hack and less functional.

> I've done something similar using Apache password hashes - expect to see 
> me post the code to this list within the next couple of weeks.

There's no need: a pointer to one such module has been posted in this
thread already, another (pam_crypt by Adam Slattery) has been discussed
here a long time ago (so you should be able to locate it by searching
list archives).


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]