I've been spending some time (under uClibc) using Roberts blowfish/shadow patch instructions.
The only problems I have had was 1) ssh not logging on 2) shadow was leaking memory I generally have used Linux-PAM as I feel it adds more security (minus the fact that it is extra code and increases "potential" security problems), such as simple ldap support. While trying to fix shadow and ssh, I decided to remove the shadow-blowfish patch as well as the uClibc patch that removes the normally compiled and installed libcrypt.so* files. Once I did this, I had forgotten to change my Linux-PAM files in /etc/pam.d/ to md5 from blowfish. After I booted and logged into the system using a pre-built passwd/shadow files where I once again forgot to change them to md5 format. This occured to me after I logged in. So, naturally, I thought I screwed up and forgot to make the changes in the correct places. I did afterall leave libxcrypt in the installation process. Turns out Linux-PAM supports blowfish passwords. I was not aware of this, and this may be quite useful to point out in the blowfish hint Robert has made. This also gives me another reason to push Linux-PAM onto the Hardened LFS package listings. I still have and use a uClibc patch to make Linux-PAM work under uClibc that I made for Linux-PAM 0.80. It has been adapted for Linux-PAM 0.99.7.0 quite nicely. Blowfish passwords without any extra patches to make blowfish work seems nice and feels quite safer to me than a patch to shadow. (and I am still not clear what was causing shadow's memory leak, but it's coincidental timing makes me suspect the shadow blowfish patch, but I have no real or strong argument to say so other than valgrind pointing to the shadow library amongst other leaks) -- Kevin Day -- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
