On Tue, Oct 17, 2000 at 02:47:14PM -0400, Nalin Dahyabhai wrote: > Since shipping our most recent release using pam_unix instead of pam_pwdb, > we've gotten reports from users having problems authenticating using NIS > servers running on HP/UX. It looks like the the pw_passwd or sp_pwdp > fields have additional data in them, which is marked by appending a comma > to the real data (similar to the way the gecos information is formatted). > > Given that md5 crypt() allows commas in the salt, would the right way to > work around this be to use strncmp() instead of strcmp() to compare the > hashed values for md5 passwords, and to terminate the copy read from the > file at the first comma for other (crypt/bigcrypt) cases? > > Nalin These "extensions" date back to the late 1970's and PWB Unix 1.0. They relate to password aging. The passwords use regular crypt(). If your getpw*() functions don't terminate at the comma, then you can either use strncmp() or replace the commas with NULs in-line [but beware of any other problems that may cause]. It may be that there are other functions of which I'm unaware that handle this transparently. -- /*********************************************************************\ ** ** Joe Yao jsdy@tux.org - Joseph S. D. Yao ** \*********************************************************************/
