RE: saslauthd -a ldap ( possible BO / bug with long userpassword strings ? )


Subject: RE: saslauthd -a ldap ( possible BO / bug with long userpassword strings ? )
From: Howard Chu (hyc at highlandsun dot com)
Date: Wed Apr 16 2003 - 10:55:15 EDT


> -----Original Message-----
> From: Igor Brezac [mailto:igor at ipass dot net]

> On Wed, 16 Apr 2003, Howard Chu wrote:
> > > -----Original Message-----
> > > From: owner-cyrus-sasl at lists dot andrew dot cmu dot edu
> > > [mailto:owner-cyrus-sasl at lists dot andrew dot cmu dot edu]On Behalf Of Igor Brezac
> >
> > > > dn: uid=test,dc=testdomain,dc=com
> > > > modify userpassword
> > > > userpassword: {crypt}$1$cnd5NASV$hOHd2091l3Ui.pxHUA0dm0
> > >
> > > This is not crypt hash (unix crypt hash has 13 characters).
> >
> > Some newer versions of Unix (and Linux) crypt() use MD5 hashes as above
> > instead of DES. The above string would be valid on such a platform.
> >
>
> Shouldn't those hashes be prefixed with {MD5} or
> {SMD5}?

No, none of those are compatible encodings. The "{crypt}" specifier means
"whatever algorithm this host's crypt() library uses", it no longer just
means Unix/DES. And MD5-based crypt() is definitely not the same as {MD5} or
{SMD5}.

  -- Howard Chu
  Chief Architect, Symas Corp. Director, Highland Sun
  http://www.symas.com http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
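
Added example, not part of the original message or of Cyrus SASL/OpenLDAP code: a small Python classifier for LDAP userPassword values that shows why the thread's `$1$` string belongs under `{crypt}` and cannot be read as `{MD5}` or `{SMD5}`. The function names and every sample value except the one quoted in the thread are constructed for illustration.

```python
import base64
import hashlib
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)
C64 = r"[./0-9A-Za-z]"  # alphabet used by crypt(3) output, not standard base64

def ldap_md5(password: bytes) -> str:
    # {MD5}: base64 of the raw 16-byte MD5 digest, no salt.
    return "{MD5}" + base64.b64encode(hashlib.md5(password).digest()).decode()

def ldap_smd5(password: bytes, salt: bytes) -> str:
    # {SMD5}: base64 of MD5(password + salt) followed by the salt itself.
    return "{SMD5}" + base64.b64encode(hashlib.md5(password + salt).digest() + salt).decode()

def classify_crypt(value: str) -> str:
    # {crypt} only says "hand this to the host's crypt()"; the value's shape tells which algorithm.
    if re.fullmatch(rf"\$1\${C64}{{1,8}}\${C64}{{22}}", value):
        return "md5-crypt"   # $1$<salt>$<22 chars>, as in the thread
    if re.fullmatch(rf"{C64}{{13}}", value):
        return "des-crypt"   # traditional 13-character hash
    return "unknown-crypt"

def classify_userpassword(attr: str):
    m = SCHEME_RE.match(attr)
    if not m:
        return ("none", "cleartext")
    scheme, value = m.group(1).lower(), m.group(2)
    if scheme == "crypt":
        return (scheme, classify_crypt(value))
    if scheme in ("md5", "smd5"):
        try:
            raw = base64.b64decode(value, validate=True)
        except ValueError:  # '$' and '.' are not in the base64 alphabet
            return (scheme, "malformed")
        if scheme == "md5":
            return (scheme, "raw-md5" if len(raw) == 16 else "malformed")
        return (scheme, "salted-md5" if len(raw) > 16 else "malformed")
    return (scheme, "other")

if __name__ == "__main__":
    samples = [
        "{crypt}$1$cnd5NASV$hOHd2091l3Ui.pxHUA0dm0",  # value quoted in the thread
        "{crypt}abJnggxhB/yWI",                        # constructed 13-char DES-style value
        ldap_md5(b"constructed-password"),
        ldap_smd5(b"constructed-password", b"salt"),
        "{MD5}$1$cnd5NASV$hOHd2091l3Ui.pxHUA0dm0",    # MD5-crypt mislabelled as {MD5}
    ]
    for s in samples:
        print(classify_userpassword(s), s)
```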






