Trouble with crypt(3) in pam module.

[Pedro Fortuny Ayuso]

Anthony,

On Sun, Jun 6, 2010 at 3:19 PM, Anthony Iliopoulos <ailiop at lsu.edu> wrote:

> Pedro,
>
> On Sun, Jun 06, 2010 at 11:24:50AM +0200, Pedro Fortuny Ayuso wrote:
> > Anthony,
> >
> > Yes, I did isolate the fault: it is the crypt() call for sure. Most
> probably
> > it is the
> > sshd thread context thing you mention (it is the only way I have tried to
> > run it so far).
> > As a matter of fact I tried to use also OpenSSL's BIOs and got another
> > segfault when calling BIO_free() (all this in through sshd), which makes
> > me think the thread context is the key to the problem.
> >
> > I shall try and use the crypt_r version. However, could you point me
> > to some place where this thread context of sshd is explained? Is there a
> way
>
> I don't believe there's any better explanation other than the source code,
> see auth-pam.c in any openssh portable release tree.
>
> > to replicate crypt() using OpenSSL?
>
> There are several ways to replicate crypt() via OpenSSL, see
> http://www.openssl.org/docs/crypto/des.html, I assume DES_fcrypt
> is probably what you need.
>
> > Thanks a lot,
> >
> > Pedro.
>
> Hope that helps,
>
> Regards,
> Anthony
>
>
Well, it is nice to get this kind of help.

I have just checked the DES_  family's documentation and yes,

==DES_fcrypt: is a fast version of the Unix crypt(3) function.
==(...) This function is thread safe, unlike the normal crypt
(by the way, DES_crypt seems to do the trick as well)

About to read pam-auth.c in detail, but I guess my problems are solved
by now. I'll keep this thread posted anyway, for completeness.

Thanks a lot and all the best,

Pedro.


-- 
Pedro Fortuny Ayuso
Dpto de Matemáticas
Escuela Univ. de Ingeniería Técnica Industrial
Campus Universitario de Gijón (Viesques)
33203 Gijón (Asturias)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20100606/b2fbe983/attachment.htm>