Hello, In Linux-PAM-1.0.2 libxcrypt the preferred crypto library. However, the source files include 'crypt.h' instead of 'xcrypt.h'. In consequence, crypt from libcrypt is used and blowfish, sha256, sha512 support is lost if the system uses glibc < 2.7. I also noticed that blowfish is not supported as encryption algorythm for new passwords in Linux-PAM. Is there any specific reason for that? Patch to add full blowfish support were welcomed? ;-) diff -ru Linux-PAM-1.0.2-orig/configure.in Linux-PAM-1.0.2-xcrypt/configure.in --- Linux-PAM-1.0.2-orig/configure.in 2008-08-29 10:13:38.000000000 +0200 +++ Linux-PAM-1.0.2-xcrypt/configure.in 2008-09-05 12:54:30.000000000 +0200 @@ -430,7 +430,7 @@ AC_HEADER_SYS_WAIT AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h net/if.h termio.h unistd.h sys/fsuid.h inittypes.h) -AC_CHECK_HEADERS(crypt.h) +AC_CHECK_HEADERS(xcrypt.h crypt.h) dnl For module/pam_lastlog AC_CHECK_HEADERS(lastlog.h utmp.h utmpx.h) diff -ru Linux-PAM-1.0.2-orig/modules/pam_cracklib/pam_cracklib.c Linux-PAM-1.0.2-xcrypt/modules/pam_cracklib/pam_cracklib.c --- Linux-PAM-1.0.2-orig/modules/pam_cracklib/pam_cracklib.c 2008-03-05 21:21:38.000000000 +0100 +++ Linux-PAM-1.0.2-xcrypt/modules/pam_cracklib/pam_cracklib.c 2008-09-05 13:00:29.000000000 +0200 @@ -37,7 +37,9 @@ #include "config.h" #include <stdio.h> -#ifdef HAVE_CRYPT_H +#ifdef HAVE_XCRYPT_H +# include <xcrypt.h> +#elif defined(HAVE_CRYPT_H) # include <crypt.h> #endif #include <unistd.h> diff -ru Linux-PAM-1.0.2-orig/modules/pam_unix/bigcrypt.c Linux-PAM-1.0.2-xcrypt/modules/pam_unix/bigcrypt.c --- Linux-PAM-1.0.2-orig/modules/pam_unix/bigcrypt.c 2008-01-24 17:42:59.000000000 +0100 +++ Linux-PAM-1.0.2-xcrypt/modules/pam_unix/bigcrypt.c 2008-09-05 12:59:02.000000000 +0200 @@ -29,7 +29,9 @@ #include <string.h> #include <stdlib.h> #include <security/_pam_macros.h> -#ifdef HAVE_CRYPT_H +#ifdef HAVE_XCRYPT_H +#include <xcrypt.h> +#elif defined(HAVE_CRYPT_H) #include <crypt.h> #endif diff -ru Linux-PAM-1.0.2-orig/modules/pam_unix/passverify.c Linux-PAM-1.0.2-xcrypt/modules/pam_unix/passverify.c --- Linux-PAM-1.0.2-orig/modules/pam_unix/passverify.c 2008-01-28 14:20:29.000000000 +0100 +++ Linux-PAM-1.0.2-xcrypt/modules/pam_unix/passverify.c 2008-09-05 12:59:40.000000000 +0200 @@ -19,7 +19,9 @@ #include <sys/time.h> #include <sys/stat.h> #include <fcntl.h> -#ifdef HAVE_CRYPT_H +#ifdef HAVE_XCRYPT_H +#include <xcrypt.h> +#elif defined(HAVE_CRYPT_H) #include <crypt.h> #endif diff -ru Linux-PAM-1.0.2-orig/modules/pam_userdb/pam_userdb.c Linux-PAM-1.0.2-xcrypt/modules/pam_userdb/pam_userdb.c --- Linux-PAM-1.0.2-orig/modules/pam_userdb/pam_userdb.c 2006-06-17 18:44:58.000000000 +0200 +++ Linux-PAM-1.0.2-xcrypt/modules/pam_userdb/pam_userdb.c 2008-09-05 12:58:11.000000000 +0200 @@ -17,7 +17,9 @@ #include <sys/stat.h> #include <fcntl.h> #include <errno.h> -#ifdef HAVE_CRYPT_H +#ifdef HAVE_XCRYPT_H +#include <xcrypt.h> +#elif defined(HAVE_CRYPT_H) #include <crypt.h> #endif Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
