between md5-digest and md5-cram (is that right?) there is enough discrepancies on what hash algoritm is supported by the different OSes, that I tend to steer clear of of using MD5. Rather, use crypt and SSL streams or sha5 and ssl. Its a preference and not necessarily a justifiable position, but it does solve a lot of issues I ran into. On Wed, 21 Mar 2001, Wil Cooley wrote: > Thus spake Paulo Matos: > ... > > > > Note that the above called "Auth Process" was done with several > > applicationss using pam.d files included with pam_ldap-98. > > > > So what happens? Why does it work with 'crypt password' and does > > not work with 'md5 passwd' in scenario 1 and both work in scenario 2? > > > > Does anyone have a similar problem? How can an ACL on slapd.conf > > cause such behavior?! It does not make any sense... > > > > How exactly is done the password verification?! > > > > Is this a problem from pam_ldap or openssl? > > I believe the problem you are seeing is the same I ran into a few weeks ago. > The problem is that the crypt() function from OpenSSL doesn't support the MD5 > extension. See my posts here for more information: > > http://www.openldap.org/lists/openldap-software/200103/msg00114.html > > Note that the solution of re-ordering libraries doesn't seem to have > worked consistently; probably the best is to have users change their > passwords. > > Wil > -- > W. Reilly Cooley wcooley@nakedape.cc > Naked Ape Consulting http://nakedape.cc > LNXS: Linux/GNU for servers, networks, and http://lnxs.org > people who take care of them. *Now with integrated crypto!* > irc.openprojects.net #lnxs > > The penalty for laughing in a courtroom is six months in jail; if it > were not for this penalty, the jury would never hear the evidence. > -- H. L. Mencken >
Attachment:
pgp00010.pgp
Description: PGP signature
