Date: Thu, 17 Jun 2004 14:21:21 -0400 (EDT) From: Charles Sprickman <spork@fasttrackmonkey.com> To: freebsd-ports@freebsd.org Cc: anders@freebsd.org Subject: pam-mysql and blowfish Message-ID: <20040617140830.G731@toad.nat.fasttrackmonkey.com>
next in thread | raw e-mail | index | archive | help
Hi, This is kind of my last shot at this... It seems the pam-mysql project is pretty much abandoned. There are some recent patches, but no one to integrate them, and pretty much zero traffic on the mailing list. I've been doing some testing here, and while it generally seems to work, it doesn't handle blowfish encrypted passwords, which seems a bit odd. Every other piece of authentication software I've played with (vpopmail, radius, etc.) seems to just "automagically" work with blowfish since Freebsd's crypt() understands blowfish. Not knowing much C, it appears to me that the author has kind of hacked together things himself rather than rely on some of the built-in crypt functions. For example, this is one reason it doesn't work with blowfish: if (strncmp("$1$", row[0], 3) == 0) { /* A MD5 salt starts with "$1$" and is 12 bytes long */ strncpy(salt, row[0], 12); salt[12] = '\0'; } else { /* If it's not MD5, assume DES and a 2 byte salt. */ strncpy(salt, row[0], 2); salt[2] = '\0'; } Is there anyone that would like to take this on? If not, I'm thinking of having someone try to "BSD-ify" this to avoid things like the above and rely on our own crypt lib. If that's the case, does anyone have some pointers as to where to start? What's some good example code to look at? I'd appreciate direct cc:'s on this, I'm already sub'd to too many FBSD lists at the moment to add another. :) Thanks, Charles
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040617140830.G731>