ports/74560: Ports openldap22-* library compilation order causes {crypt}md5 authentication to fail
Cat Okita
cat at reptiles.org
Tue Nov 30 17:40:25 UTC 2004
>Number: 74560
>Category: ports
>Synopsis: Ports openldap22-* library compilation order causes {crypt}md5 authentication to fail
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 30 17:40:23 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Cat Okita
>Release: 5.3-BETA5
>Organization:
Earthworks
>Environment:
FreeBSD rei.example.com 5.3-BETA5 FreeBSD 5.3-BETA5 #0: Wed Nov 10 15:27:06 EST 2004 root at rei.example.com:/usr/src/sys/i386/compile/REI i386
>Description:
Openldap uses the first available crypt() function when comparing passwords stored as {crypt}<foo>. As currently compiled (-lssl -lcrypto), the first available crypt() function is selected from openssl, which doesn't support md5 - and thus passwords will never match. Changing the compile order to (-lcrypto -lssl) resolves this isssue, and doesn't have any other affect.
>How-To-Repeat:
Compile openldap22-server 'out of the box' and import user passwords from FreeBSD's password file (the PADL scripts work), using "userPassword={CRYPT}[md5 hash]", which is the default setting. Anonymous bind and root bind searches will work - user-bound searches will fail with a "ldap_bind: Invalid credentials (49)" error.
>Fix:
Reverse the order of "-lssl -lcrypto" in the main Makefile.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list