On 27-Jul-2001 Brad Bonkoski wrote:
>
>
> Don Read wrote:
>
>> On 26-Jul-2001 sachin shetty wrote:
>> > Hi
>> > Is it possible to authenticate a logged on user by comparing the unix
>> > passwd file entry with the mysql user table entry(after copying passwords
>> > from the password file to the table).
>>
>> The password_crypt routine used in MySQL is incompatible with the DES/MD5
>> crypt
>> used for Unix passwords.
>> Besides, MySQL user-names have nothing to do with Unix login-names.
>>
>
> Isnt' the idea of DES crypt to be a standard method of encryption? Why
> would
> mysql's DES crypt be different then Unix? It would seem weird that Perl
> crypt, PHP
> crypt and Unix crypt are all the same, but mysql crypt is different, what's
> the
> point of having it at all then?
The authentication in mysql.user expects passwords as generated by the internal
function PASSWORD() which is _not_ the same as crypt(3) in libcrypt.so.
mysql> select PASSWORD('mypass') as MySQL_passwd;
+------------------+
| MySQL_passwd |
+------------------+
| 6f8c114b58f2ce9e |
+------------------+
1 row in set (0.02 sec)
mysql> select encrypt('mypass','Az') as DES_passwd;
+---------------+
| DES_passwd |
+---------------+
| Az7.WJ.dhG.ds |
+---------------+
1 row in set (0.00 sec)
mysql> select encrypt('mypass','$1$') as MD5_passwd;
+----------------------------+
| MD5_passwd |
+----------------------------+
| $1$$y6yg42JZIjxLYEdRp0CD70 |
+----------------------------+
1 row in set (0.00 sec)
mysql> # dont have blowfish libs
mysql> select encrypt('mypass','$2$') as Blowfish;
+----------+
| Blowfish |
+----------+
| : |
+----------+
1 row in set (0.00 sec)
> And mysql user names do have nothing to do
> with
> the names in /etc/password, but administrators *could* make then the same if
> they
> choose.
>
Yep, if they choose. But organization-wide access & authentication properly
belongs to other tools (and i don't mean YP/NIS).
>>
>> > If there is a module that handles
>> > this during connection of the mysql client to the server,
>>
>> Maybe once PAM & Kerberos become common-place, the user community could
>> submit some patches ?
>>
<snip>
Regards,
--
Don Read [EMAIL PROTECTED]
-- It's always darkest before the dawn. So if you are going to
steal the neighbor's newspaper, that's the time to do it.
(53kr33t w0rdz: sql table query)
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
