
libcrypt info



------- Forwarded Message

From: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>
Message-Id: <199606102144.XAA08386@i17linuxb.ists.pwr.wroc.pl>
Subject: Re: ANNOUNCE: Shadow + Red Hat (and more) RPMS and source now
To: marc@redhat.com (Marc Ewing)
Date: Mon, 10 Jun 1996 23:44:49 +0200 (MET DST)
Cc: shadow-list@neptune.cin.net, shadow-list@redhat.com

> > Why impose the use of libcrypt now and later on drop it on the floor and 
> > switch to libPAM ? It is going to be messy, IMHO. Keep it simple, stupid, 
> > someone said once... :-)

I think libcrypt can still be used by the pam_unix module.  All it
does is to provide a modified crypt() which supports both the old-style
(DES based) and the new MD5-based algorithm.  It has been done before -
see FreeBSD libcrypt (in the "secure" part of the distribution,
distributed from outside the US).  It may well be integrated in libc,
but I think it is better to keep it separate so it can be replaced
more easily.

libpam will not replace libcrypt.  All it takes to use libcrypt is to
link the program with it.  It will be even easier as soon as ld.so
1.8.x goes out of beta testing - just edit /etc/ld.so.preload and no
programs need to be rebuilt at all.  I don't think it is messy.

One thing I can't do with libcrypt is to port it to the Alpha and make
sure it gives the same results (I heard that even the regular crypt()
had this problem for a while).  Anyone?

> The next release of Red Hat will be PAM based, and it will include
> shadow support.  The PAM stuff is still quite new, and only a few
> programs have been retrofitted for PAM support.  The PAM effort

I don't know when the next release is expected, but I think the
hardest part of PAM will be modifying applications (as I understand,
the PAM library itself is almost working).  For ftpd it looks like
a major rewrite (the current design using yacc parser doesn't really
lend itself very well for PAM conversion).  Someone will do it sooner
or later (when more UN*X vendors start using PAM) but it may take
another major kernel version...

It's not my decision, of course, but it would be nice if the new
Red Hat release was not delayed until PAM is ready.  I admit that
shadow isn't perfect, but it works and is expected to be ready much
sooner (especially now that it should receive more testing from
people using the just released shadow RPMs).

It is possible to have some applications (like login) use PAM and
others (like ftpd) still the traditional shadow API.  So the next
Red Hat release could well be half-PAM-based :-).

Regards,

Marek


------- End of Forwarded Message
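
The message describes a crypt() that handles both DES-based and MD5-based hashes. As an added illustration (not code from libcrypt or from the message), this classifier tells the two stored formats apart when auditing which accounts still carry DES-format entries. It assumes the "$1$" prefix used by the FreeBSD MD5 scheme; the name `classify_hash` and the sample strings are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

enum scheme { SCHEME_INVALID, SCHEME_DES, SCHEME_MD5 };

/* Characters used to encode DES and MD5 crypt output. */
static const char B64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* True if s is exactly n characters long, all from the crypt alphabet. */
static int is_b64_field(const char *s, size_t n)
{
    return strlen(s) == n && strspn(s, B64) == n;
}

/*
 * Classify a stored password field (hypothetical helper name).
 *   MD5: "$1$" + salt (at most 8 chars, no '$') + "$" + 22 chars
 *   DES: 2 salt chars + 11 chars of output, 13 in total
 */
enum scheme classify_hash(const char *field)
{
    if (field == NULL)
        return SCHEME_INVALID;
    if (strncmp(field, "$1$", 3) == 0) {
        const char *salt = field + 3;
        size_t salt_len = strcspn(salt, "$");
        if (salt_len > 8 || salt[salt_len] != '$')
            return SCHEME_INVALID;
        return is_b64_field(salt + salt_len + 1, 22) ? SCHEME_MD5 : SCHEME_INVALID;
    }
    return is_b64_field(field, 13) ? SCHEME_DES : SCHEME_INVALID;
}

int main(void)
{
    /* Constructed sample fields, not real password hashes. */
    const char *samples[] = {
        "ab0123456789A",                        /* DES layout */
        "$1$abcdefgh$0123456789ABCDEFGHIJKL",   /* MD5 layout */
        "$1$abcdefghi$0123456789ABCDEFGHIJKL",  /* salt too long */
        "*",                                    /* locked account */
    };
    static const char *names[] = { "invalid", "DES", "MD5" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-40s %s\n", samples[i], names[classify_hash(samples[i])]);
    return 0;
}
```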




