[ale] Password hashes bent

Joe Knapka jknapka at charter.net
Wed Jul 26 00:05:06 EDT 2000


FYI, if anyone else has similar problems:

I finally got OpenSSH working. There were a couple of
problems, the nastiest of which was that I had recently
install BIND 8.2.2, which installs some of its own
header files over the system ones (if you configure it
to do so, which I stupidly did). That's what was
causing my build problems (unresolved symbols
__inet_aton() et al); linking with -lbind fixed that.

Possibly for the same reason (BIND), the getnameinfo()
function in glibc 2.1.3 doesn't work. So I had to
remove "#define HAVE_GETNAMEINFO" from config.h after
configuring OpenSSH.

I suspect that my solutions to both of these issues
were wrong -- it would probably be better to reinstall
the glibc header files that BIND stomped on. I might
try that later.

Finally, there's something weird about PAM on Slack 7.1.
I don't think it's actually installed, but OpenSSH's
configure script apparently thinks it is. So I had to
do ./configure --without-pam --with-md5-passwords to
get authentication to work properly.

Bye,

-- Joe

Joe Knapka wrote:
> 
> Thanks for the info. It all makes sense, but unfortunately
> fixing things is non-trivial. What I think I need to do is
> just configure and build OpenSSH with the appropriate
> options enabled. But so far, I have not been able
> to get any version of OpenSSH to both build and run on
> Slack 7.1. Either I get unresolved externals (inet_addr()
> and other inet_ functions), or else sshd dies immediately
> on startup because getnameinfo() fails.
> 
> Is anyone else using any version of OpenSSH on Slack 7.1?
> 
> -- Joe
> 
> Joe Steele wrote:
> >
> > A little info:
> >
> > There are two versions of crypt  -- the old version
> > (before glibc-2) only used DES while the newer version
> > can use DES or MD5.  The newer version will use MD5 if
> > it is given a salt beginning with "$1$", otherwise it
> > uses DES.  The MD5 result begins with "$1$" and is
> > 26-34 characters long (depending on the salt length).
> > The DES result is 13 characters long.
> >
> > Another twist is that glibc-2 doesn't include the DES
> > capability except as an add-on.  Likewise, Slackware
> > offers the DES-capable crypt package as an add-on (see http://www.slackware.com/packages/index.php3?version=7.1&series=des).
> > Without it, only MD5-crypt is possible -- If the salt
> > doesn't begin with "$1$", crypt returns with NULL and
> > error code EOPNOTSUPP.
> >
> > I don't know if any of this helps.  The obvious answer
> > (which you apparently have eliminated) would be that if
> > a program was linked to the older version of crypt (from
> > libc5), then authentication would fail.
> >
> > --Joe
> >

-- 
*** Joseph A. Knapka ***
A random fortune:
"Eat, drink, and be merry, for tomorrow you may work."

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.





More information about the Ale mailing list