[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Patch: Fix user authentication + MKDB
From: |
Lars Henriksen |
Subject: |
Re: Patch: Fix user authentication + MKDB |
Date: |
Sun, 29 Sep 2002 11:40:01 +0200 |
User-agent: |
Mutt/1.4i |
On Fri, Sep 27, 2002 at 02:59:28PM -0700, Pankaj K Garg wrote:
> >...
> > I've spotted one difference in behaviour: gnatsd no longer seems to
> > remember the user when you switch between databases (it still
> > remembers
>
> OOpss...yes, this should not have happened. There was a problem with
> the way I was handling NULL usernames and passwords.
>
> Should be fixed in the attached patch.
It is! I believe your patch is OK now as far as plaintext/no password
is concerned. Apart from making the password checking work, this is a
convenient improvement.
But as for DES/MD5 I believe the original code is correct:
else
{
/* DES crypt or MD5 hash of the password */
#ifdef HAVE_LIBCRYPT
char *encrypted = crypt (password, hash);
return encrypted && ! strcmp (encrypted, hash);
#else
/* TODO: log some warning */
return FALSE;
#endif
}
It is for crypt() to decide the form of password encryption based on
the contents of hash: if hash begins with $1$ it will use MD5, if it
doesn't begin with $<digit>$ it will use DES. The return value of
crypt() is similarly adjusted with a starting $1$ for MD5. This assumes
an MD5-supporting crypt(3) (e.g. FreeBSD or GNU). With a traditional
Unix crypt() function you will of course get DES encryption.
Regards
Lars Henriksen
- Patch: Fix user authentication + MKDB, Pankaj K Garg, 2002/09/23
- Re: Patch: Fix user authentication + MKDB, Lars Henriksen, 2002/09/25
- Re: Patch: Fix user authentication + MKDB, Dirk Schenkewitz, 2002/09/25
- RE: Patch: Fix user authentication + MKDB, Pankaj K Garg, 2002/09/25
- RE: Patch: Fix user authentication + MKDB, Pankaj K Garg, 2002/09/26
- RE: Patch: Fix user authentication + MKDB, Yngve Svendsen, 2002/09/27
- Re: Patch: Fix user authentication + MKDB, Lars Henriksen, 2002/09/27
- RE: Patch: Fix user authentication + MKDB, Pankaj K Garg, 2002/09/27
- Re: Patch: Fix user authentication + MKDB, Lars Henriksen, 2002/09/27
- RE: Patch: Fix user authentication + MKDB, Pankaj K Garg, 2002/09/27
- Re: Patch: Fix user authentication + MKDB,
Lars Henriksen <=
- RE: Patch: Fix user authentication + MKDB, Pankaj K Garg, 2002/09/29
RE: Patch: Fix user authentication + MKDB, Pankaj K Garg, 2002/09/25