md5 password encoding for pam_userdb
Ben Gladwell
bgladwell at goantiques.com
Tue Apr 22 19:50:48 UTC 2008
I added a few lines of code to pam_userdb so that it supports MD5
encoded passwords when using the crypt option.
I'm sure this isn't the right way to submit code, but I'm pretty new to
this, so sorry.
Supporting MD5 (and not just DES) encoded passwords seems pretty
important, since most distributions seem to use the MD5 option for
password pam_unix. I had a bunch of old passwords that I wanted to
authenticate against, but I didn't want to create system users.
Here's the diff:
214a215
> char md5salt[11];
216c217
< if (data.dsize != 13) {
---
> if (data.dsize != 13 && data.dsize != 34) {
223,224c224,233
<
< cryptpw = crypt (pass, salt);
---
> // Check for MD5 encryption
> if (strncmp (salt, "$1", 2) == 0 ) {
> int i;
> for (i=0; i<11; i++) {
> md5salt[i] = *(data.dptr + i);
> }
> cryptpw = crypt (pass, md5salt);
> } else {
> cryptpw = crypt (pass, salt);
> }
BTW - what are other ways of migrating from system accounts to virtual
accounts, using the same password digests as exist in an old shadow
file? Seems like mysql is a popular solution, but I didn't want to go
that direction.
Thanks,
Ben
More information about the Pam-list
mailing list