[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]
RE: md5 hashing on passwords?

From: "Michael A. Dietz" <mad099 dietznet net>
To: pam-list redhat com
Subject: RE: md5 hashing on passwords?
Date: Thu, 21 Sep 2000 11:57:19 -0500 (CDT)
Looks like you are missing glib.h and other files.
Probably don't have glib-devel*.rpm installed. 
On Thu, 21 Sep 2000, Kelli Wolfe wrote:

> Thank you for the patch, Steve.  I'm going to get it compiled and
> tested with Andrew's constraints, however...
> 
> I'm trying to "make" in the pam-0.72 directory on my RedHat 6.2
> system and I'm getting errors.  Basically we copied the source
> tar file, pam-0.72-6.src.rpm, from the CD, untarred and tried to
> make.  We're getting the following errors, any help would be great.
> 
> Thanks, Kelli
> 
> make[2]: Entering directory `/usr/local/src/pam-0.72/modules/pam_access'
> mkdir -p ./dynamic
> make[2]: Leaving directory `/usr/local/src/pam-0.72/modules/pam_access'
> make[2]: glib-config: Command not found
> make[2]: Entering directory `/usr/local/src/pam-0.72/modules/pam_console'
> make[2]: glib-config: Command not found
> mkdir -p ./dynamic
> make[2]: glib-config: Command not found
> make[2]: glib-config: Command not found
> gcc  -DPAM_READ_BOTH_CONFS -D_GNU_SOURCE -DLINUX_PAM  -Wall -Wpointer-arith 
> -Wcast-qual -Wcast-align -Wtraditional -Wstrict-prototypes -Wmissing-prototy
> pes -Wnested-externs -Winline -Wshadow -fPIC -Dlinux -DPAM_DYNAMIC   -c
> pam_console.c -o dynamic/pam_console.o
> make[2]: glib-config: Command not found
> pam_console.c:23: warning: `/*' within comment
> pam_console.c:27: glib.h: No such file or directory
> In file included from pam_console.c:39:
> pam_console.h:7: glib.h: No such file or directory
> In file included from pam_console.c:475:
> chmod.c:35: glib.h: No such file or directory
> In file included from chmod.c:37,
>                  from pam_console.c:475:
> chmod.h:1: glib.h: No such file or directory
> In file included from pam_console.c:477:
> config.l:12: glib.h: No such file or directory
> In file included from pam_console.c:478:
> config.y:9: glib.h: No such file or directory
> make[2]: *** [dynamic/pam_console.o] Error 1
> make[2]: Leaving directory `/usr/local/src/pam-0.72/modules/pam_console'
> make[1]: *** [all] Error 1
> make[1]: Leaving directory `/usr/local/src/pam-0.72/modules'
> 
> 
> 
> -----Original Message-----
> From: pam-list-admin@redhat.com [mailto:pam-list-admin@redhat.com]On
> Behalf Of Steve Langasek
> Sent: Monday, September 18, 2000 5:38 PM
> To: pam-list@redhat.com
> Subject: Re: md5 hashing on passwords?
> 
> 
> On Mon, 18 Sep 2000, Kelli Wolfe wrote:
> 
> > I'm beginning to suspect that my RedHat 6.2 installation
> > isn't really supporting MD5 hashing on the passwords, even
> > though I specified MD5 at install as well as on the
> > password lines of the PAM files.  Is there a way to
> > verify this theory?
> 
> RedHat supports MD5 passwords natively through glibc.  However...
> 
> > If I try to change my password to something greater than
> > 18 chars in length, I get the message "BAD PASSWORD: is
> > too similiar to the old one".  Bad spelling aside, this
> > seems to be a bogus message because the new password is
> > totally different.  If I enter it with 18 or less chars,
> > the password is accepted.
> 
> I had a look at the pam_cracklib source, and the logic in the function
> similiar() looks quite screwy to me: if you have a 5-character password, and
> you try to change it to a 40-character password, the passwords will be
> declared "too similar" if 3 of the letters from the old password show up in
> the new password?
> 
> I'm attaching a patch which makes pam_cracklib nicer to people who are
> making
> their new passwords longer.  This may or may not be the Right Thing, but it
> seems better than the status quo.  Andrew, how do you feel about this
> change?
> 
> For those who don't feel like patching PAM on their systems, there's also
> the
> option of adding a 'difok=' option to the pam config, which specifies the
> minimum number of characters that must be different between old and new
> passwords.  So for example,
> 
> password	required	/lib/security/pam_cracklib.so difok=5
> 
> specifies that if at least 5 of the characters in the old password do NOT
> appear in the new password, it will be accepted.
> 
> > My shadow file has a password entry like this:
> > 	:$1$s6cSJvNT$PSJJzm/IaL/LnbJJr0qc..:
> > Which if I'm understanding correctly, is supposed to be
> > MD5 because of the $1$ in the salt portion...?  What I'm
> > trying to do is put MD5 passwords in my LDAP directory,
> > but I can't find a true MD5 password.
> 
> These are MD5 passwords, yes.  IIRC, LDAP doesn't use the same format for
> md5
> passwords as that used in /etc/shadow.  It seems to me that this is more of
> an
> LDAP question than a PAM question, though.
> 
> Steve Langasek
> postmodern programmer
> 
> 
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
> 

----------------
Running on Linux 2.4
Michael A. Dietz
mad099@dietznet.net
References:
- RE: md5 hashing on passwords?
  - From: "Kelli Wolfe" <kelli@inlet.com>
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index] []