> Well, I think it would be nice to have getpwnam() be a source for > pam_crypt. Ok. This is priority #2. (After the sshd issue I found last night). I really didn't think many people used non-default nsswitch.conf files, and I've had several people ask me how to easily add non-system accounts for name_your_service. This was my reasoning for not using getpwnam. I definately made a big misjudgement. I'd like to kill this discussion; support will be added before I ask Andrew to include pam_crypt in Linux-PAM. It might even be implemented in pam_crypt-0.0.4; we'll see :). > Also, how do you plan to support password changing? Is it done in a > modular way as well? If so, which modules are available? Pam_crypt already does this :). I think I discussed this in an earlier message but I'll give an overview. Everything dealing with a certain hashing algorithm (md5, des, etc) is handled in a dynamically loadable module specific to that algorithm, including password changing. In case there was confusion, pam_crypt is functional (although in alpha release) and has full support for md5, des, and now openbsd bcrypt. Support is also included for vcblowfish, but I might drop this (mainly at the request of solar designer) for reasons discussed earlier in this thread. I'm sure somebody has started work on an AES (Rijndael) crypt() implementation. Although I wouldn't recommend using this the day it comes out, pam_crypt will provide an excellent way for the author to get people to adopt his algorithm. Take bcrypt for example: OpenBSD uses it. Solar Designer made a glibc patch, but I haven't met anybody that actually uses it. When pam_crypt is more widely used, I can gaurantee you that a lot of people will start using bcrypt on their linux boxes. In fact, I know somebody that does this now with pam_crypt :-). Thanks. You guys have been a huge help in deciding the direction of pam_crypt. I'll be out of town until tuesday night. -Adam Current primary site: http://www.whstechs.org/pam_crypt/ Alternate site: http://seculinux.hackersclub.com/pam_crypt/ PS: What is up with this brazilian auto-responder thing? It is getting extremely anoying. Does anybody else get messages from terra@zaz.com.br whenever they post to the list?
