Date: Tue, 10 Feb 2015 07:26:07 -0500 From: "Derek (freebsd lists)" <482254ac@razorfever.net> To: freebsd-security@FreeBSD.org Cc: delphij@FreeBSD.org, John-Mark Gurney <jmg@funkthat.com>, "A.J. Kehoe IV \(Nanoman\)" <nanoman@nanoman.ca> Subject: [patch] libcrypt & friends - modular crypt format support in /etc/login.conf Message-ID: <54D9F8DF.7070904@razorfever.net>
next in thread | raw e-mail | index | archive | help
Hello! I've been working on this for a while, and I've produced a patch that does a few things with the base system: 1. allows modular crypt to be specified as passwd_format in /etc/login.conf - this allows setting the algorithm *and rounds*, i.e. $2b$10$ for users of varying classes. - this will allow any future algorithms and parameters supported by crypt(3) to be supported by the tools around login.conf 2. introduces a new api, crypt_makesalt which will generate an appropriate salt for any algorithm selected 3. updates userland to use this API, and removes totally the {crypt_set_format, login_setcryptfmt, login_getcryptfmt} APIs 4. switches crypt algorithms to use thread-local storage, so the good old global crypt buffer is thread-local 5. includes a bunch of new test vectors for libcrypt ATF tests There are references to previous discussions/patches/etc here: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=182518 http://docs.freebsd.org/cgi/getmsg.cgi?fetch=168499+0+/usr/local/www/db/text/2013/freebsd-current/20131006.freebsd-current http://docs.freebsd.org/cgi/getmsg.cgi?fetch=361757+0+/usr/local/www/db/text/2014/freebsd-current/20140112.freebsd-current And most recent discussion here: http://docs.freebsd.org/cgi/getmsg.cgi?fetch=1751919+0+archive/2014/freebsd-current/20140716.freebsd-current Anyways, I've put a bunch of work into this, and am anxious to actually get this accepted into -HEAD. What more can I do at this point? A patch against current is in the original PR/"bug": https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=182518 Thanks, Derek
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54D9F8DF.7070904>