Burton,I suppose that the crypt() function itself could be sensitive to the setting in /etc - but all ntop does is use the function. If that's what's going on, then maybe you changed the setting after the values were stored? That could account for the problem. Not that you're the 1st, just the 1st to CHANGE the setting without recreating ntop_pw.db...
I posted dumpgdbm a long time ago... http://article.gmane.org/gmane.linux.ntop.general/3557
-----Burton
I agree that the crypt function is sensitive to the setting in /etc/auth.conf.
My question is just this: Different ciphers will return different lengths via crypt().
Des is a mere 13 characters long, as far as I can see from the output of dumpgdbm this is the same length
as the password field in the ntop_pw.db file. md5 and blf, however, are 32 and 60 characters in length.
The point I try to make is that there will only be 13 characters of the encrypted password stored in the
ntop_pw.db file, while the actual length of the password is actually 60 characters if you use the blowfish setting
and 32 characters if you use the md5 setting.
What I would like to know is, wheather ntop is smart enough to work with this feature (bug?) and only validate
the password it receives back from crypt() using ONLY the same length of crypted password as the password
stored in the database). Let me be more clear:
From database:
password: password + crypt() = $2a$04$9u...I
BUT
From web, passed via crypt()
password: password + crypt() = $2a$04$9NTXCQcC4q0gp56ELiEzdOv17.yyWopf0.Y9U4bpMoGg2FtvVSMW.
Now, would NTop accomodate for that? Or would it try to match the exact result of the 2 passwords ?
I hope I made myself more clear?
dumpgdbm shows me the following output, after setting the password to `password' with blowfish crypt():
mainframe# ./dumpgdbm /usr/local/var/ntop/ntop_pw.db 1admin
1admin: '$2a$04$9u...I'
Which is actually wrong if I am not mistaken?
Take care Jaco _______________________________________________ Ntop-dev mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop-dev
