Re: md5/des ?

2003-11-13 Thread Uwe Doering
Oles Hnatkevych wrote:
> Hello!
>
> /usr/bin/passwd does my passwords MD5 encrypted (accordingly to /etc/login.conf)
> But /usr/sbin/adduser creates users with DES encrypted passwords.
> How do I make it use MD5 instead of DES? Seems like it's perls crypt()
> problem, and the DES is the default...

In case you're running FreeBSD 4.x, please see the attached patch.  I
pulled it from the Internet some time ago and subsequently improved it 
slightly, as far as I recall.  With this patch applied 'adduser' honors 
the 'passwd_format' parameter in '/etc/login.conf'.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
--- src-4.5-RELEASE/usr.sbin/adduser/adduser.perl   Wed Nov 21 02:46:56 2001
+++ src/usr.sbin/adduser/adduser.perl   Wed Apr  9 11:41:17 2003
@@ -26,6 +26,7 @@
 #
 # $FreeBSD: src/usr.sbin/adduser/adduser.perl,v 1.44.2.3 2001/10/15 13:43:18 dd Exp $
 
+use DB_File;
 
 # read variables
 sub variables {
@@ -687,6 +688,7 @@
 local($userhome);
 local($groupmembers_bak, $cryptpwd);
 local($new_users_ok) = 1;
+local($salt_extended);
 
 
 $new_groups = no;
@@ -712,7 +714,10 @@
$new_users_ok = 1;
 
$cryptpwd = ;
-   $cryptpwd = crypt($password, salt) if $password ne ;
+   $salt_extended = passwd_format_prefix($class);
+   $salt_extended .= salt;
+   $cryptpwd = crypt($password, $salt_extended) if $password ne ;
+
# obscure perl bug
$new_entry = $name\: . $cryptpwd .
\:$u_id\:$g_id\:$class\:0:0:$fullname:$userhome:$sh;
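Review bot: at the `crypt()` call an empty prefix is both the "DES" answer and the failure answer of `passwd_format_prefix($class)`, so a failed or unrecognised lookup silently produces a traditional DES hash. Return `undef` from the helper on failure, or warn here when the prefix comes back empty, so the administrator can see that the configured format was not applied. The two new assignments also run before the empty-password test; putting them under the same condition as the `crypt()` call avoids opening `/etc/login.conf.db` for accounts created without a password.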
@@ -786,11 +791,36 @@
 return @array;
 }
 
+# determine and return salt prefix depended on login_class given
+sub passwd_format_prefix {
+local($class) = shift;
+local(%hash,$v);
+local($ret) = ;
+
+tie %hash, 'DB_File', /etc/login.conf.db, O_RDONLY, 0644, $DB_HASH ||
+   return ;
+
+$class = default if($class eq );
+if (exists($hash{$class})) {
+   $v = $hash{$class};
+   $v =~ /passwd_format=([a-z0-9]*):/;
+   if ($1 eq 'md5') {
+   $ret = \$1\$;
+   } elsif ($1 eq 'blf') {
+   $ret = \$2\$;
+   }
+}
+
+untie %hash;
+
+return $ret;
+}
+
 # see /usr/src/usr.bin/passwd/local_passwd.c or librcypt, crypt(3)
 sub salt {
 local($salt);  # initialization
 local($i, $rand);
-local(@itoa64) = ( '0' .. '9', 'a' .. 'z', 'A' .. 'Z' ); # 0 .. 63
+local(@itoa64) = ( '.', '/', '0' .. '9', 'a' .. 'z', 'A' .. 'Z' ); # 0 .. 63
 
 warn calculate salt\n if $verbose  1;
 # to64
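Review bot: in the `tie` call, `||` binds to the last argument, `$DB_HASH`, not to the result of `tie`, so the `return` never fires when `/etc/login.conf.db` cannot be opened; use the low-precedence form, `tie(...) or return ...`. The match `$v =~ /passwd_format=([a-z0-9]*):/;` is unchecked as well: when it fails, `$1` may still hold the capture of an earlier successful match, so test the match itself before comparing `$1` to 'md5' or 'blf'. Only the entry stored directly under `$class` is consulted, so a class record that does not itself contain `passwd_format=` ends up on the DES path.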
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: md5/des ?

2003-11-12 Thread Matthew Seaman
On Wed, Nov 12, 2003 at 01:23:35PM +0200, Oles Hnatkevych wrote:

> /usr/bin/passwd does my passwords MD5 encrypted (accordingly to /etc/login.conf)
> But /usr/sbin/adduser creates users with DES encrypted passwords.
> How do I make it use MD5 instead of DES? Seems like it's perls crypt()
> problem, and the DES is the default...

It's not the perl crypt() function, as that just mirrors the behaviour
of the underlying libc crypt(3) function.  Try these commands and
you'll see how things work:

Traditional DES:

% perl -le 'print crypt("password", "xx")'

Extended DES:

% perl -le 'print crypt("password", "_xx")'

Modular ($1$ = MD5)

% perl -le 'print crypt("password", "\$1\$xx")'

ie. The format of the salt supplied to crypt controls the algorithm used.

You're right however that the adduser(8) command will always generate
a DES encrypted password hash.  Unfortunately it's programmed so that
it can't do anything else -- plus it uses srand() on a combination of
the PID, the date and some other data to seed the RNG, which used to
be a reasonable idea, but now that we have /dev/random is much less
so.

Use 'pw useradd' command instead.  See pw(8) -- this is a much more
capable program for manipulating user and group accounts, and it
doesn't suffer from the drawbacks you've noted.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK


pgp0.pgp
Description: PGP signature
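
An added example, not part of Matthew's message or of FreeBSD: because the leading characters of the stored string identify the algorithm, the same rule can audit master.passwd-format lines for accounts still hashed with DES after `passwd_format` was changed. The names `classify`, `audit` and `SAMPLE` are hypothetical, and the sample entries are constructed.

```python
import re

B64 = r"[./0-9A-Za-z]"  # crypt(3) alphabet, the same 64 characters as the patched @itoa64
# Checked in order; the leading characters of the stored string name the algorithm.
SCHEMES = [
    ("md5",          re.compile(r"\$1\$[^$:]{1,8}\$" + B64 + r"{22}")),
    ("blowfish",     re.compile(r"\$2[a-z]?\$.+")),
    ("extended-des", re.compile(r"_" + B64 + r"{19}")),   # '_' + 4 count + 4 salt + 11 hash
    ("des",          re.compile(B64 + r"{13}")),          # 2 salt + 11 hash
]

def classify(pwfield):
    """Name the crypt(3) scheme of one master.passwd password field."""
    if pwfield == "":
        return "empty"
    if pwfield.startswith("*"):
        return "locked"             # '*' or '*LOCKED*...' is not a usable hash
    for name, pattern in SCHEMES:
        if pattern.fullmatch(pwfield):
            return name
    return "unknown"

def audit(lines, wanted="md5"):
    """Return (user, class, scheme) for each account not hashed with `wanted`."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:       # master.passwd has ten colon-separated fields
            findings.append((fields[0], "", "malformed"))
            continue
        user, pwfield, login_class = fields[0], fields[1], fields[4]
        scheme = classify(pwfield)
        if scheme not in (wanted, "locked"):
            findings.append((user, login_class or "default", scheme))
    return findings

# Constructed entries: the hash strings have the right shape but are not real hashes.
SAMPLE = [
    "alice:$1$saltsalt$0123456789abcdefghijkl:1001:1001::0:0:Alice:/home/alice:/bin/sh",
    "bob:xxABCDEFGHIJK:1002:1002::0:0:Bob:/home/bob:/bin/sh",
    "carol:_J9..saltABCDEFGHIJK:1003:1003:staff:0:0:Carol:/home/carol:/bin/sh",
    "daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin",
]

if __name__ == "__main__":
    for user, cls, scheme in audit(SAMPLE):
        print(f"{user}: class={cls} scheme={scheme}")
```

Accounts reported as `des` or `extended-des` keep that hash until the password is next changed under the new `passwd_format`.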


Re: md5/des ?

2003-11-12 Thread Shantanoo Mahajan
+++ Oles Hnatkevych [freebsd] [12-11-03 13:23 +0200]:
| Hello!
| 
| /usr/bin/passwd does my passwords MD5 encrypted (accordingly to /etc/login.conf)
| But /usr/sbin/adduser creates users with DES encrypted passwords.
| How do I make it use MD5 instead of DES? Seems like it's perls crypt()
| problem, and the DES is the default...
| 
| 
| --

man login.conf | grep passwd_format -A 5

Regards,
Shantanoo