Date: Thu, 17 Jun 2004 14:21:21 -0400 (EDT)
From: Charles Sprickman
To: freebsd-ports@freebsd.org
cc: anders@freebsd.org
Subject: pam-mysql and blowfish
Message-ID: <20040617140830.G731@toad.nat.fasttrackmonkey.com>

Hi,

This is kind of my last shot at this...

It seems the pam-mysql project is pretty much abandoned. There are some recent patches, but no one to integrate them, and pretty much zero traffic on the mailing list.

I've been doing some testing here, and while it generally seems to work, it doesn't handle blowfish encrypted passwords, which seems a bit odd. Every other piece of authentication software I've played with (vpopmail, radius, etc.)
seems to just "automagically" work with blowfish since FreeBSD's crypt() understands blowfish.

Not knowing much C, it appears to me that the author has kind of hacked together things himself rather than rely on some of the built-in crypt functions. For example, this is one reason it doesn't work with blowfish:

    if (strncmp("$1$", row[0], 3) == 0) {
        /* A MD5 salt starts with "$1$" and is 12 bytes long */
        strncpy(salt, row[0], 12);
        salt[12] = '\0';
    } else {
        /* If it's not MD5, assume DES and a 2 byte salt. */
        strncpy(salt, row[0], 2);
        salt[2] = '\0';
    }

Is there anyone that would like to take this on? If not, I'm thinking of having someone try to "BSD-ify" this to avoid things like the above and rely on our own crypt lib. If that's the case, does anyone have some pointers as to where to start? What's some good example code to look at?

I'd appreciate direct cc:'s on this, I'm already sub'd to too many FBSD lists at the moment to add another. :)

Thanks,

Charles
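Added example, not part of the original message and not pam-mysql code: it contrasts the quoted salt handling with handing the whole stored hash to crypt(3) as the setting string, so that crypt() picks the scheme itself. `crypt_fn`, `toy_crypt`, `check_legacy` and `check_generic` are hypothetical names, and `toy_crypt` is a constructed stand-in (not a real hash) so the block runs without libcrypt; real code would pass `crypt`.

```c
#include <stdio.h>
#include <string.h>

typedef char *(*crypt_fn)(const char *key, const char *setting); /* crypt(3)'s shape */

/* Constructed stand-in for crypt(3), NOT a real hash: keeps the setting up to
 * its last '$' (or 2 DES salt chars) and appends a checksum of setting + key. */
char *toy_crypt(const char *key, const char *setting)
{
    static char out[128];
    const char *last = strrchr(setting, '$');
    size_t i, n = last ? (size_t)(last - setting) + 1 : 2;
    unsigned long sum = 5381;
    if (n > strlen(setting) || n > 64)
        return NULL;
    for (i = 0; i < n; i++)
        sum = sum * 33 + (unsigned char)setting[i];
    for (i = 0; key[i] != '\0'; i++)
        sum = sum * 33 + (unsigned char)key[i];
    snprintf(out, sizeof(out), "%.*s%08lx", (int)n, setting, sum & 0xffffffffUL);
    return out;
}

/* Salt handling as quoted in the post: "$1$" is MD5, anything else is DES. */
int check_legacy(const char *pw, const char *stored, crypt_fn hash)
{
    char salt[13];
    size_t n = strncmp("$1$", stored, 3) == 0 ? 12 : 2;
    const char *h;
    strncpy(salt, stored, n);
    salt[n] = '\0';            /* a "$2a$..." hash is cut down to "$2" here */
    h = hash(pw, salt);
    return h != NULL && strcmp(h, stored) == 0;
}

/* Scheme-agnostic: the stored hash doubles as the setting; pass crypt as hash. */
int check_generic(const char *pw, const char *stored, crypt_fn hash)
{
    const char *h = hash(pw, stored);
    return h != NULL && strcmp(h, stored) == 0;
}

int main(void)
{
    char bf[128];              /* constructed sample row, copied out of the static buffer */
    strcpy(bf, toy_crypt("secret", "$2a$04$"));
    printf("blowfish: legacy=%d generic=%d\n", check_legacy("secret", bf, toy_crypt),
           check_generic("secret", bf, toy_crypt));
    return 0;
}
```

strcmp() keeps the sketch short; a constant-time comparison is the usual choice for the final check.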