Date: Fri, 12 Oct 2001 19:42:12 -0500 From: "Stephen Hilton" <nospam@hiltonbsd.com> To: "FreeBSD Security" <freebsd-security@FreeBSD.ORG> Subject: RE: FreeBSD 4.4 and DES Message-ID: <KPEMJADBBBFPDEDOIOMBMEALDDAA.nospam@hiltonbsd.com> In-Reply-To: <6B3C6B6F7AA2D511A35E0080C86993435962@syncro.metrics.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Has anyone successfully got DES working with FreeBSD 4.4? I need this to
> get FrontPage 2002 server extensions running ...
>
> I managed to get through the FrontPage install process -- the 2002
> extensions explicitly support FreeBSD, and I now get a few steps into the
> FrontPage-to-Apache connection. But I fail in the authentication process.
>
> I think this is because FrontPage uses DES, while FreeBSD 4.4 defaults to
> MD5. Or at least that's what my net.research tells me.
I tried to install the apache13-fp port today on FreeBSD snapshot
4.4-20011010 and had to also make some changes to the ports Makefile to get
it to compile. This is for FrontPage 2000 support, not FrontPage 2002, YMMV
Changed this in the Makefile:
.if ${OSVERSION} < 500016
pre-extract:
@if ! ${LDCONFIG} -r | ${GREP} -q -e "-ldescrypt"; then \
${ECHO} ; \
${ECHO} "WARNING: MS FrontPage Extentions require the DES
Library"
To:
.if ${OSVERSION} < 500016
pre-extract:
@if ! ${LDCONFIG} -r | ${GREP} -q -e "-lcrypt"; then \
${ECHO} ; \
${ECHO} "WARNING: MS FrontPage Extentions require the DES
Library"
Changed the "-ldescrypt" to "-lcrypt"
Then edited my /etc/login.conf and uncommented the last example for
"des_users" to activate it, then ran the "cap_mkdb /etc/login.conf" command.
Then I took my FrontPage user who was already added with the default md5
style password and added the login class to their passwd file entry with
vipw.
Example:
From:
webborg:$2$Ogfr3HH/$ou812YtzNcnKRnIrtU0G3/:1100:1100::0:0:FP-2000
user:/home/webborg
:/sbin/nologin
To:
webborg:$2$Ogfr3HH/$ou812YtzNcnKRnIrtU0G3/:1100:1100:des_user:0:0:FP-2000
user:/home/webborg:/sbin/nologin
Now I logged in as webborg and changed my password with "passwd", this then
gave this user a DES based password, and connection with FrontPage went fine
from a W2k PC.
From other reading it appears that the FP extensions to Apache add a number
of security problems, and should be thoroughly researched and vulnerability
tested before deploying. In my case the web server is in a small secure
intranet only.
Hope this may help.
Regards,
Stephen Hilton
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?KPEMJADBBBFPDEDOIOMBMEALDDAA.nospam>