Daniel S. Haischt <[EMAIL PROTECTED]> wrote:

> Anyway - Would it be possible to write SHA/MD5 hashes
> to the passwd column, if someone is using the SASL
> AUTH method to authenticate against a RDBMS?

It should be rather simple to use MD5 or DES hashed passwords (Not
hashes, it is impossible, but *hashed passwords*. The latter differ from
the former in that they include the seed value used to produce the
hash). The following change should be enough:

Index: src/gsasl_srv.c
===================================================================
RCS file: /cvsroot/anubis/anubis/src/gsasl_srv.c,v
retrieving revision 1.14
diff -p -u -r1.14 gsasl_srv.c
--- src/gsasl_srv.c     15 May 2005 17:41:19 -0000      1.14
+++ src/gsasl_srv.c     18 May 2005 09:34:15 -0000
@@ -240,7 +240,7 @@ cb_validate (Gsasl_session_ctx * ctx,
   
   if (usr->smtp_authid == NULL
       || strcmp (usr->smtp_authid, authentication_id)
-      || strcmp (usr->smtp_passwd, password))
+      || strcmp (crypt(password, usr->smtp_passwd), usr->smtp_passwd))
     return GSASL_AUTHENTICATION_ERROR;
   return GSASL_OK;
 }
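
Review bot: the new `strcmp (crypt(password, usr->smtp_passwd), usr->smtp_passwd)` line passes the return value of crypt() straight into strcmp, but crypt() returns NULL on failure (for instance when the stored value is not a salt string it accepts), so a malformed `smtp_passwd` column would lead to a NULL dereference in the validation callback. Store the result in a local, return GSASL_AUTHENTICATION_ERROR when it is NULL, and only then compare. The hunk also adds no include for the crypt() declaration (`<crypt.h>` or `<unistd.h>`, depending on the platform), and since the plaintext comparison is replaced rather than kept as a fallback, existing plaintext `smtp_passwd` entries will stop authenticating; that migration step should be documented with the change.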

Regards,
Sergey


_______________________________________________
Bug-anubis mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/bug-anubis
