All,
Apologies for the attachment/in-line screwup.
r
-------- Original Message --------
From: Armaghan Saqib <[email protected]>
Subject: Re: Well, you can learn something new every day
To: Reed Loefgren <[email protected]>
Hi Reed,
Thanks a lot for your email.
Could you kindly send it to [email protected] so that it
can benefit those people who are using FreeBSD.
Thanks again and my best regards.
Armaghan
--
http://www.ledger123.com/
On Sun, Sep 26, 2010 at 3:17 PM, Reed Loefgren
<[email protected]> wrote:
Armaghan,
Today, because I just learned how to do it, I changed my FreeBSD systems so
that they would use blowfish encryption rather than md5. After doing so I
was unable to log in to either one of my ledger123 installations (both
local). No manner of monkeying around, including changing ledger123
passwords after the switch, seemed to help.
This is what I found out, but I know no Perl and have not crawled the
ledger123 code so it is just supposition on my part, and is as far as I know
relative to FreeBSD only.
Open a terminal and log in as root. Keep this terminal open!
To use blowfish encryption, in another terminal you alter /etc/login.conf
from:
default:\
        :passwd_format=md5:\
        :copyright=/etc/COPYRIGHT:\
to this:
default:\
        :passwd_format=blf:\
        :copyright=/etc/COPYRIGHT:\
Then you do:
cap_mkdb /etc/login.conf
Then you change your passwords so that the current md5 password hash is
re-created using the blowfish algorithm or you won't be able to log in
(yikes!). This is the reason for keeping a bail-out root login on hand as
above. Everything is fine up to here. What I had done based on the
instructions I was using is I also changed /etc/auth.conf from:
# crypt_default = md5 des
to:
# crypt_default = md5 des
crypt_default = blf
This apparently causes the system to use blowfish for *all* encryption and
that appears to break ledger123's Perl code dealing with user logins. I have
commented out the crypt_default line again (I might try setting it to 'md5')
and replaced the ledger123 folder with a new copy (I have only two users to
re-enter) and everything is OK so far: Blowfish for system logins and md5
for "internal" encrypted application logins in userspace.
My purpose in this letter is to issue a heads-up in case someone shoots
themselves in the foot as I did and also because there have been namespace
collisions demonstrated in md5 hashes. There are none, to the best of my
knowledge, in blowfish hashes. It might make for a nice addition to
ledger123/sql-ledger to allow or mandate blowfish encryption if there is
Perl to support that.
Thanks for the changes you're applying to sql-ledger, and kindest regards
r
_______________________________________________
SQL-Ledger mailing list
[email protected]
http://lists.ledger123.com/mailman/listinfo/sql-ledger
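
A check for the password-change step described in Reed's message, as an added example that is not part of the original emails: it classifies each account's hash in master.passwd format by its crypt(3) prefix and lists the accounts whose hash is not yet in the wanted format. The function names and the sample accounts are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify password hashes in master.passwd format by crypt(3) prefix.
# All function names and sample accounts below are constructed for illustration.

# Constructed sample input (fields: name:password:uid:gid:class:change:expire:gecos:home:shell)
sample_master_passwd() {
    cat <<'EOF'
# constructed sample, not a real password file
root:$2a$04$CONSTRUCTEDSALT0000000CONSTRUCTEDHASH000000000000000000:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
alice:$1$CONSTRUC$CONSTRUCTEDHASH0000000:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$2a$04$CONSTRUCTEDSALT0000000CONSTRUCTEDHASH000000000000000000:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:*LOCKED*$1$CONSTRUC$CONSTRUCTEDHASH0000000:1003:1003::0:0:Carol:/home/carol:/bin/sh
dave:abCONSTRUCTED:1004:1004::0:0:Dave:/home/dave:/bin/sh
EOF
}

# Read master.passwd lines on stdin, print "user scheme" for each account.
hash_formats() {
    awk -F: '
        /^#/ || NF < 2 { next }
        {
            h = $2
            sub(/^\*LOCKED\*/, "", h)               # prefix added by "pw lock"
            if (h == "")                          s = "empty"
            else if (h ~ /^\*/)                   s = "disabled"
            else if (h ~ /^\$1\$/)                s = "md5"
            else if (h ~ /^\$2[abxy]?\$/)         s = "blf"
            else if (h ~ /^\$3\$/)                s = "nth"
            else if (h ~ /^\$5\$/)                s = "sha256"
            else if (h ~ /^\$6\$/)                s = "sha512"
            else if (h ~ /^_/ || length(h) == 13) s = "des"
            else                                  s = "unknown"
            print $1, s
        }'
}

# List accounts holding a hash that is not in the wanted scheme ($1).
stale_accounts() {
    hash_formats | awk -v want="$1" \
        '$2 != want && $2 != "disabled" && $2 != "empty" { print $1 }'
}

# Demo on the constructed sample: accounts still to be re-hashed as blf
sample_master_passwd | stale_accounts blf
```

On a FreeBSD host the same check would be run as root with `stale_accounts blf < /etc/master.passwd`.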