[Pam-mysql-general] reading the pam_mysql source...

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi there,

reading the pam_mysql source code, I found following:

***
The code for MD5-passwds is useless as it is in the current CVS version (=
on 20030124).
Because the databases passwd column is defined to be 16 chars long:
  [line 64]	char dbpasswd[17];
A MD5 passwd has 34 chars (12 salt + 22 cryptedpasswd) and therefor needs=
 "char dbpasswd[35];".
The fact of the too small / hard coded field sizes has allready been poin=
ted out in BUG#[ 641632 ].

***
  [line  610]  /* Global PAM functions stolen from other modules */
  [...]
  [line 1226]  struct pam_module _pam_permit_modstruct =3D {
  [line 1227]      "pam_permit",
It's ok "stealing" as long it's GPL or similar, but...
some checks/changements have to be done.
According to
  http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam_modules-5.h=
tml#ss5.4
 "The Linux-PAM Module Writers' Guide",
there has to be the modulename as it apears in the fs.
Here, you've (I mean the programmer) left the code of the "pam_permit" mo=
dule, from which - potentially - the code has been copied.
Replace "permit" with "mysql" (twice) ;-)

As project for my "Bachelor of Science in Computer Science", I'm supposed=
 to develop an improved pam_mysql module.
(more functionalities like session, account mgmt, more cb fields, easy to=
 change users passwd,... in the db (ev. GUI), etc.)

blers sal=FCds,
_________=20
Florian Verdet
GnuPG: fvg.zapto.org/informatica/gpg.php
=2E