From: Florian V. <flo...@un...> - 2003-01-25 17:13:38
|
Hi there, reading the pam_mysql source code, I found following: *** The code for MD5-passwds is useless as it is in the current CVS version (= on 20030124). Because the databases passwd column is defined to be 16 chars long: [line 64] char dbpasswd[17]; A MD5 passwd has 34 chars (12 salt + 22 cryptedpasswd) and therefor needs= "char dbpasswd[35];". The fact of the too small / hard coded field sizes has allready been poin= ted out in BUG#[ 641632 ]. *** [line 610] /* Global PAM functions stolen from other modules */ [...] [line 1226] struct pam_module _pam_permit_modstruct =3D { [line 1227] "pam_permit", It's ok "stealing" as long it's GPL or similar, but... some checks/changements have to be done. According to http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam_modules-5.h= tml#ss5.4 "The Linux-PAM Module Writers' Guide", there has to be the modulename as it apears in the fs. Here, you've (I mean the programmer) left the code of the "pam_permit" mo= dule, from which - potentially - the code has been copied. Replace "permit" with "mysql" (twice) ;-) As project for my "Bachelor of Science in Computer Science", I'm supposed= to develop an improved pam_mysql module. (more functionalities like session, account mgmt, more cb fields, easy to= change users passwd,... in the db (ev. GUI), etc.) blers sal=FCds, _________=20 Florian Verdet GnuPG: fvg.zapto.org/informatica/gpg.php =2E |