Date: Wed, 6 Oct 1999 10:22:28 -0700 (PDT)
From: Kris Kennaway
To: Valentin Nechayev
Cc: freebsd-security@freebsd.org
Subject: Re: Long username/password

On Wed, 6 Oct 1999, Valentin Nechayev wrote:

> > No. Unless you make a trivial change to passwd(1). Adding a command-line
> > switch to do this would probably be a welcome feature.
>
> Possibly, not command-line switch - this should be host policy.
> I'd prefer something similar to /etc/malloc_options.
> It is quite easy to read link.

Aarg, dangling symlinks are EVIL! :) The malloc.conf one is only done for efficiency because it's read so often.

The right way to do this is by login class in login.conf, but it's slightly less trivial to implement (i.e. not a 2-line patch), and this is only intended as a temporary fix for convenience so people can actually do this without having to munge their system by hand, until we can get a better replacement in.

> P.S. There were some rumours about totally new libcrypt. What is the
> state of it?

http://www.physics.adelaide.edu.au/~kkennawa/crypt-990725.tar.gz

I've been told there's a missing header file or something which prevents it from compiling, but haven't looked into that. Modulo compilation issues, as far as I know, it's quite functional except for not allowing plugin modules for statically-linked binaries (only supports the builtin DES and MD5 schemes as now).

What I'll probably have to do now that I'm in the ITARed States of America is remove the Blowfish/DES modules from my official distribution, and rely on someone else to keep up with any API changes I make (which shouldn't be major). I might have time to work on this again in a month or so, pending PhD workload.

Side note - ideally we'd be able to use dlopen() in the static case as well, which would solve that problem and PAM's (PAM cheats by compiling in a fixed set of modules into the static library, so as far as I know you can't add a new PAM module to a statically-linked binary without recompilation) - I saw an OpenBSD commit message float past a while back which claimed to provide support for this, but haven't had the chance to look into how (or if) they did it.

Kris