On 12 Jun 1999, Niels [ISO-8859-1] M�ller wrote:
> Date: 12 Jun 1999 16:13:01 +0200
> From: "Niels [ISO-8859-1] M�ller" <[EMAIL PROTECTED]>
> To: Gergely Madarasz <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED], PSST mailing list <[EMAIL PROTECTED]>
> Subject: Re: MD5 passwords
>
> Gergely Madarasz <[EMAIL PROTECTED]> writes:
>
> > md5 passwords are handled by glibc2 transparently (and libc5 since 5.4.42
> > or something), so just calling crypt() with the whole encrypted
> > password should work. At least it worked for me on Debian/i386 with glibc
> > 2.0 and glibc 2.1.
>
> I discovered that when reading the glibc documentation. However, it
> still doesn't work. Say that I have the password "gazonk" on this
> system. I.e. that's a password that I can use to login successfully.
> Then look at the line in /etc/passwd, which contains the encrypted
> password
>
> $1$salt$ABCX7Qxx
>
> I wrote a testprograms that calls glibc:s crypt. If I invoke it with
> the salt taken from the passwd file, and my working password, the
> result does _not_ match the line in /etc/passwd. It appears that pam
> and glibc are not compatible. Although both use the same magic cookie
My tests seem to show that they indeed are compatible.
Please look at the attached file.
To compile it just run
cat how_compiled2.txt | sh
The program is a slightly modified testpass.c.texi from
glibc-crypt-2.1.tar.gz (which is included in glibc-2.1.1-7.src.rpm on
RedHat 6.0 source CD)
I have compiled and run it on RedHat 6.0 and RedHat 5.2 (updated to run
2.2.x kernel), feeding it output from /etc/shadow password field,
generated through PAM on RedHat 4.2 and on RedHat 5.2.
The session looked as follows:
[wpilorz@RHL52 test]$ ./testpass2
Give encoded password string :$1$lVLqz8ae$8QdL3o8gQhpFZ8ih82CVa/
Password:
Access granted.
Encoded result was '$1$lVLqz8ae$8QdL3o8gQhpFZ8ih82CVa/'
$
The password was "test 001" (without quotes).
> $1$. I've now disabled md5-crypt on this system and changed my
> password to get a DES-based encrypted password instead. And now it
> works fine.
>
> Details: I have glibc-2.1.1, and linux-pam-0.66 (that was what was
> supplied with Redhat-6.0). Can anyone confirm this incompatibility?
Could you please try attached program?
> One of its consequences is that if you have a system with these
> versions of glibc and linux-pam, and a lot of users with
> md5-passwords, and you decide to uninstall PAM, or replace the
> pam_pwdb module with a module that uses the crypt()-function from
> glibc, those users will no longer be able to log in. If the root
> password was encrypted with md5, you may have to dig out your boot
> floppies (which would be a little difficult for me; I have no floppy
> and no CD in the machine).
>
> BTW, I have created a new snapshot, lsh-0.1.1. It has some problems
> with POLLHUP (also on linux). Suggestions about the Right way to
> handle POLLHUP, POLLERR and POLLPRI are appreciated.
>
> Regards,
> /Niels
>
>
Best regards,
Wojtek
testpass2.tgz
