[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

modular password hashing



Greetings,

Some of you may remember pam_crypt from earlier this year. It was a pam
module that supported multiple password hashing algorithms via loadable
modules. I never developed pam_crypt beyond an alpha release.

It's been a few months and I've had time to think about a lot of things.
In short, I took the feedback I recieved and completely redesigned
everything.


If you would like to take a look, I would enjoy listening to any
comments/flames you may have. The latest tarball can be found at:

  http://www.sunriselinux.com/pwhash/

Ignore the main sunriselinux.com page; we've been so busy working on the
distribution that nobody has bothered to update the web site since
February.


In short:
- completely thread-safe (pam_unix and pam_pwdb are not)
- uses an external library called libpwhash.
- the pam module can replace pam_unix for everything except account
  management (this shouldn't even be in pam_unix anyway)
- password changing is (designed to be) more reliable (read: "secure")
  than pam_unix.
- bcrypt, md5, sha, des (bigcrypt (from DEC) and at&t's des extention)


I have a few people doing some limited beta testing of pam_pwhash, but nis
support is untested and ia32 + linux + glibc is the only tested pkatform
so far. If you find that it does or does not work on a certain platform,
please let me know.


- Adam Slattery





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []