From owner-freebsd-isp  Sun Nov 28 22:38:48 1999
Delivered-To: freebsd-isp@freebsd.org
Received: from blackbird.lonetree.com (blackbird.lonetree.com [207.141.55.3])
	by hub.freebsd.org (Postfix) with ESMTP id BDAAC153FA
	for <freebsd-isp@FreeBSD.ORG>; Sun, 28 Nov 1999 22:38:46 -0800 (PST)
	(envelope-from wolfman@csocs.com)
Received: from csocs.com [209.64.46.23] by blackbird.lonetree.com with ESMTP
  (SMTPD32-5.01) id AF57A03000D2; Sun, 28 Nov 1999 23:38:15 mdt
Message-ID: <38422055.2906C9B2@csocs.com>
Date: Sun, 28 Nov 1999 23:42:29 -0700
From: "J.C. Frazier" <wolfman@csocs.com>
X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 3.3-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Tom <tom@sdf.com>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: apache13-fp-modssl problem with passwords
References: <Pine.BSF.4.05.9911282040030.2406-100000@misery.sdf.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Tom wrote:

> > bash-2.03# file author.exe
> > author.exe: BSD/OS i386 compact demand paged executable
>
>   Statically link (since it doesn't say dynamic, it has to be static), and
> it is a BSD/OS executable, and I doubt that the crypt() function on BSD/OS
> knows anything about MD5 passwords.
>
> > I also checked the service.pwd files and it is encrypting it in DES:
> > bash-2.03# john /usr2/www/user/_vti_pvt/service.pwd
> > Loaded 1 password (Standard DES [24/32 4K])
> > correctpassword          (user)      <--- (real pass and username left out of
> > this e-mail)
> >
> > Just not sure about the process of decryption on frontpage or how the
> > passwords are matched...
>
>   Try a DES password in master.passwd.  If frontpage works with that, then
> you must either use DES passwords for everyone who wants to use frontpage,
> or get RTR Software to make a FreeBSD build of the frontpage executables.
>
> > J.C. Frazier
>
> Tom
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message

Very Interesting indeed.  I did as you sugested and changed a users password in
/etc/master.passwd into des.  Failed login via telnet/ftp, and password mismatch
via frontpage.  I then tried it with vipw so that all the dbs would be updated.
Same results.  It seems my crypt() doesn't know the difference between md5, des,
and a hole in it's head.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message