[tac_plus] Re: tac_plus with PAM on FreeBSD
Joe Moore
joe.moore at holidaycompanies.com
Wed Mar 12 17:56:48 UTC 2008

I'm not a developer, but when I run tac_plus with /etc/passwd auth,
debug output shows my (correct) password in plain text. Debug also shows
what the plain-text password "encrypts to", which does not resemble the
hash in /etc/master.passwd.

The hashed pw in master.passwd is MD5 and has an 8 character salt
prepended to the hash. I'm guessing (and that's all it is) that maybe
tac_plus is using a different method to encrypt the plain-text password
than FBSD is using, or maybe it's just not aware of the salt. I know
this used to work on FBSD 4.x and 5.x. No dice with 6 or 7 though...

...jgm

-----Original Message-----
From: tac_plus-bounces at shrubbery.net
[mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Kiss Gabor (Bitman)
Sent: Wednesday, March 12, 2008 12:18 PM
To: john heasley
Cc: tac_plus at shrubbery.net
Subject: [tac_plus] Re: tac_plus with PAM on FreeBSD

> > You need a libcrypt.so with GNU extensions where crypt(3)
> > supports md5 password hashes.
>
> For the record, there is nothing GNU about this. GNU stuff might support
> it now, but it originated with BSD and AFAIK FBSD, NBSD and OBSD all support
> DES and MD5 hashes and FBSD and NBSD also support blowfish, IIRC.

You must be right.
I just read this on crypt(3) man page a few days ago:

    GNU EXTENSION
    The glibc2 version of this function has the following additional
    features. If salt is a character string starting with the three
    characters "$1$" followed by at most eight characters, and optionally
    terminated by "$", then instead of using the DES machine, the glibc
    crypt function uses an MD5-based algorithm, ...

but I did not make any effort to research the origin of md5 password
handling. :-)
Gabor
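
Added example, not part of the original messages and not tac_plus code: a small C helper that extracts the crypt(3) setting (scheme prefix plus salt, in the "$1$" format quoted above) from a stored hash and checks whether a value seen in debug output was computed with that same setting. The function names and the sample strings are constructed for illustration; the sample strings are not real hashes.

```c
#include <stdio.h>
#include <string.h>

enum scheme { SCHEME_DES, SCHEME_MD5, SCHEME_OTHER };

/* Copy the setting (what crypt(3) takes as its salt argument) from a stored
 * hash into out. SCHEME_OTHER means: not understood, locked, or too long. */
enum scheme crypt_setting(const char *stored, char *out, size_t outlen)
{
    size_t n;
    enum scheme s;

    if (outlen == 0) return SCHEME_OTHER;
    out[0] = '\0';
    if (strncmp(stored, "$1$", 3) == 0) {
        n = strcspn(stored + 3, "$");  /* salt runs up to the next '$' */
        if (n > 8) n = 8;              /* at most eight salt characters */
        n += 3;                        /* keep the "$1$" prefix */
        s = SCHEME_MD5;
    } else if (stored[0] != '$' && stored[0] != '*' && strlen(stored) >= 2) {
        n = 2;                         /* traditional DES: two salt chars */
        s = SCHEME_DES;
    } else {
        return SCHEME_OTHER;
    }
    if (n >= outlen) return SCHEME_OTHER;
    memcpy(out, stored, n);
    out[n] = '\0';
    return s;
}

/* 1 if both values carry the same scheme and salt, so they are comparable. */
int same_setting(const char *stored, const char *computed)
{
    char a[16], b[16];
    enum scheme sa = crypt_setting(stored, a, sizeof a);
    enum scheme sb = crypt_setting(computed, b, sizeof b);
    return sa != SCHEME_OTHER && sa == sb && strcmp(a, b) == 0;
}

int main(void)
{
    const char *stored = "$1$Zx8kQ2pL$AAAAAAAAAAAAAAAAAAAAAA"; /* constructed */
    const char *debug = "ZxBBBBBBBBBBB";                       /* constructed */
    char set[16];
    crypt_setting(stored, set, sizeof set);
    printf("setting for crypt(3): %s\n", set);
    printf("same setting: %s\n", same_setting(stored, debug) ? "yes" : "no");
    return 0;
}
```

If same_setting() reports a mismatch, the two strings can never be equal regardless of the password, which points at the salt handling rather than at the password itself.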