[dev] passwd - crypt-md5
Max Kalika
max at lsit.ucsb.edu
Wed Apr 23 15:19:59 PDT 2003
Quoting "amith at xalan.com" <amith at xalan.com>:
> This is what I suggested the first time. However, I don't understand how
> one SQL backend might need it and another might not. I mean, it's PHP
> that is reading the info out of the database. Unless separate drivers
> are made for specific databases, you shouldn't have this problem.
>
> I would add a new type called crypt-md5 (if I understand correctly you are
> saying that the password uses crypt and then md5 on top of that?) I
> wouldn't change the default because I'm pretty sure there are other
> backends that use it.

No, it is the standard system crypt but with a 12 character salt instead of
2 characters used for DES. Most Linux systems use this scheme for crypting
passwords into /etc/shadow. What Ian and I are talking about is moving
/etc/shadow "wholesale" into a mysql database and using the nss_mysql
package to tell the system to look up users/groups/shadow stuff in a
"mysql" service instead of "files" (configured in /etc/nsswitch.conf).

Currently the Horde passwd package assumes 'crypt' encryption means the old
DES -- 2 character salt -- encryption. By adding crypt-md5 as another
encryption mechanism, we can use the 12 character salt. But in either
case, it doesn't seem to make much sense for the SQL driver to prepend
{crypt} (or {crypt-md5}) to the encrypted password. AFAIK, only LDAP needs
that. But just so that we're not too restrictive, having this as a backend
parameter seems to be the optimal way to go.

---max kalika
--max at lsit.ucsb.edu
-lsit systems administrator
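
The two salt formats and the optional prefix discussed in this thread, as an added PHP example that is not part of the original message or of the Horde passwd code. The function names and the `$showPrefix` parameter are hypothetical, and the password is a constructed sample.

```php
<?php
// Added example; all names here are hypothetical, not Horde's.
const SALT_ALPHABET = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// Build $len random characters from the crypt(3) salt alphabet.
function random_salt_chars(int $len): string
{
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        $out .= SALT_ALPHABET[random_int(0, 63)];
    }
    return $out;
}

// 'crypt'     -> traditional DES, 2-character salt
// 'crypt-md5' -> MD5 crypt, 12-character salt: "$1$" + 8 characters + "$"
function make_salt(string $scheme): string
{
    switch ($scheme) {
        case 'crypt':     return random_salt_chars(2);
        case 'crypt-md5': return '$1$' . random_salt_chars(8) . '$';
        default: throw new InvalidArgumentException("unknown scheme: $scheme");
    }
}

// $showPrefix models the backend parameter proposed in the thread: an LDAP
// store wants "{scheme}" in front, a shadow-style SQL table does not.
function encrypt_password(string $plain, string $scheme, bool $showPrefix): string
{
    $hash = crypt($plain, make_salt($scheme));
    return $showPrefix ? '{' . $scheme . '}' . $hash : $hash;
}

// Verify a stored value with or without the prefix. crypt() selects the
// algorithm from the salt embedded at the start of the stored hash.
function verify_password(string $plain, string $stored): bool
{
    $hash = preg_replace('/^\{crypt(-md5)?\}/i', '', $stored);
    return hash_equals($hash, crypt($plain, $hash));
}

$sql  = encrypt_password('example-pass', 'crypt-md5', false); // constructed input
$ldap = encrypt_password('example-pass', 'crypt-md5', true);
// MD5 crypt output is 34 characters: 12-character salt plus 22-character digest.
var_dump(strlen($sql) === 34, strpos($ldap, '{crypt-md5}$1$') === 0);
var_dump(verify_password('example-pass', $sql), verify_password('wrong', $ldap));
```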