From: Moriyoshi K. <mor...@at...> - 2008-09-15 17:56:46
Hi Devendra,

Thanks for the contribution. The list is alive, but I had been away for more than a couple of years due to kind of hard times in my jobs :)

Patch looks fine except the part using strcat(). As we should've already known the lengths of the strings to concatenate up to there, memcpy() will suffice.

By the way, I've been convinced by a number of people for years that some flexible querying mechanism should be implemented so that one can send a SQL like

    SELECT * FROM user WHERE cred=MD5("%u::%p")

But this also allows users to easily shoot their own foot off. Regarding the example above, hashing of the credentials is performed on the MySQL side and this might be insecure unless a safe connection is established between pam_mysql and the MySQL server through SSL or something like that. That's especially why I hesitate to enable this in the next release.

Regards,
Moriyoshi

Devendra Gera wrote:
> Hi,
> We at Chaupaati wanted a trac deployment and pam_mysql seemed to provide
> a glue which would enable us to share auth information with other
> components like sshd and openvpn.
>
> The problem was that the AccountManager plugin for Trac uses HTTP Digest
> style hashes, which is base64(MD5("username::password")), since the
> realm is empty. pam_mysql - as you surely know - does not hash passwords
> that way. So I wrote a patch based on 0.7RC1 downloaded from
> sourceforge.
>
> I know it might not be terribly useful unless you're using Apache or the
> AccountManager plugin with Trac, but it was useful for us and it might
> be useful for others.
>
> Please let me know if the patch is not well formed, or does not conform
> to your style. I'd be happy to change any of that, or add more
> configuration options (like realm - _that_ will make it more useful!).
>
> Please consider it as a first draft.
>
> Btw, I looked for the pam_mysql mailing list but the last real message
> on it was more than a year ago. All you get there today is spam.
>
> Thanks,
>
> --gera.
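
The strcat() point in the reply above, as an added example that is not taken from the patch or from pam_mysql: the "username:realm:password" digest input is assembled with memcpy() at known offsets, using lengths measured once. The function names and the realm parameter are hypothetical; the sample credentials in main() are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (assumption, not pam_mysql code): returns a malloc'd
 * "user:realm:pass" string, or NULL on size overflow or allocation failure.
 * Each length is taken once, so no call rescans the destination buffer the
 * way strcat() does, and the allocation size and copy sizes cannot diverge. */
char *build_digest_input(const char *user, const char *realm,
                         const char *pass, size_t *out_len)
{
    size_t ulen = strlen(user), rlen = strlen(realm), plen = strlen(pass);
    size_t total, off = 0;
    char *buf;

    /* Two ':' separators plus the NUL add 3 bytes; refuse sums that wrap. */
    if (ulen > SIZE_MAX - 3 || rlen > SIZE_MAX - 3 - ulen ||
        plen > SIZE_MAX - 3 - ulen - rlen)
        return NULL;
    total = ulen + rlen + plen + 2;
    if ((buf = malloc(total + 1)) == NULL)
        return NULL;

    memcpy(buf + off, user, ulen);  off += ulen;
    buf[off++] = ':';
    memcpy(buf + off, realm, rlen); off += rlen;
    buf[off++] = ':';
    memcpy(buf + off, pass, plen);  off += plen;
    buf[off] = '\0';
    if (out_len != NULL)
        *out_len = total;
    return buf;
}

/* The buffer holds a cleartext password, so wipe it before freeing. */
void free_digest_input(char *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    if (buf == NULL)
        return;
    while (len--)
        *p++ = 0;
    free(buf);
}

int main(void)
{
    size_t n = 0;
    char *s = build_digest_input("alice", "", "constructed-pw", &n);
    if (s != NULL) { printf("%zu bytes: %s\n", n, s); free_digest_input(s, n); }
    return 0;
}
```

The returned length is what would be passed to the MD5 routine, so the hash input never depends on a second strlen() over a buffer containing the password.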