pam-mysql and blowfish

Charles Sprickman spork at
Thu Jun 17 18:21:47 GMT 2004


This is kind of my last shot at this...  It seems the pam-mysql project
is pretty much abandoned.  There are some recent patches, but no one to
integrate them, and pretty much zero traffic on the mailing list.

I've been doing some testing here, and while it generally seems to work,
it doesn't handle blowfish encrypted passwords, which seems a bit odd.
Every other piece of authentication software I've played with (vpopmail,
radius, etc.) seems to just "automagically" work with blowfish since
Freebsd's crypt() understands blowfish.

Not knowing much C, it appears to me that the author has kind of hacked
together things himself rather than rely on some of the built-in crypt
functions.  For example, this is one reason it doesn't work with blowfish:

                if (strncmp("$1$", row[0], 3) == 0) {
                    /* A MD5 salt starts with "$1$" and is 12 bytes long */
                    strncpy(salt, row[0], 12);
                    salt[12] = '\0';
                } else {
                   /* If it's not MD5, assume DES and a 2 byte salt.  */
                   strncpy(salt, row[0], 2);
                   salt[2] = '\0';

Is there anyone that would like to take this on?  If not, I'm thinking of
having someone try to "BSD-ify" this to avoid things like the above and
rely on our own crypt lib.  If that's the case, does anyone have some
pointers as to where to start?  What's some good example code to look at?

I'd appreciate direct cc:'s on this, I'm already sub'd to too many FBSD
lists at the moment to add another. :)



More information about the freebsd-ports mailing list