Date: Fri, 12 Oct 2001 19:42:12 -0500 From: "Stephen Hilton" <nospam@hiltonbsd.com> To: "FreeBSD Security" <freebsd-security@FreeBSD.ORG> Subject: RE: FreeBSD 4.4 and DES Message-ID: <KPEMJADBBBFPDEDOIOMBMEALDDAA.nospam@hiltonbsd.com> In-Reply-To: <6B3C6B6F7AA2D511A35E0080C86993435962@syncro.metrics.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Has anyone successfully got DES working with FreeBSD 4.4? I need this to > get FrontPage 2002 server extensions running ... > > I managed to get through the FrontPage install process -- the 2002 > extensions explicitly support FreeBSD, and I now get a few steps into the > FrontPage-to-Apache connection. But I fail in the authentication process. > > I think this is because FrontPage uses DES, while FreeBSD 4.4 defaults to > MD5. Or at least that's what my net.research tells me. I tried to install the apache13-fp port today on FreeBSD snapshot 4.4-20011010 and had to also make some changes to the ports Makefile to get it to compile. This is for FrontPage 2000 support, not FrontPage 2002, YMMV Changed this in the Makefile: .if ${OSVERSION} < 500016 pre-extract: @if ! ${LDCONFIG} -r | ${GREP} -q -e "-ldescrypt"; then \ ${ECHO} ; \ ${ECHO} "WARNING: MS FrontPage Extentions require the DES Library" To: .if ${OSVERSION} < 500016 pre-extract: @if ! ${LDCONFIG} -r | ${GREP} -q -e "-lcrypt"; then \ ${ECHO} ; \ ${ECHO} "WARNING: MS FrontPage Extentions require the DES Library" Changed the "-ldescrypt" to "-lcrypt" Then edited my /etc/login.conf and uncommented the last example for "des_users" to activate it, then ran the "cap_mkdb /etc/login.conf" command. Then I took my FrontPage user who was already added with the default md5 style password and added the login class to their passwd file entry with vipw. Example: From: webborg:$2$Ogfr3HH/$ou812YtzNcnKRnIrtU0G3/:1100:1100::0:0:FP-2000 user:/home/webborg :/sbin/nologin To: webborg:$2$Ogfr3HH/$ou812YtzNcnKRnIrtU0G3/:1100:1100:des_user:0:0:FP-2000 user:/home/webborg:/sbin/nologin Now I logged in as webborg and changed my password with "passwd", this then gave this user a DES based password, and connection with FrontPage went fine from a W2k PC. From other reading it appears that the FP extensions to Apache add a number of security problems, and should be thoroughly researched and vulnerability tested before deploying. In my case the web server is in a small secure intranet only. Hope this may help. Regards, Stephen Hilton To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?KPEMJADBBBFPDEDOIOMBMEALDDAA.nospam>