Date: Wed, 27 Feb 2013 09:24:40 +0100 From: Daniel Cegiełka <daniel.cegielka@...il.com> To: musl@...ts.openwall.com Subject: Re: shadow.h 2013/2/27 Szabolcs Nagy <nsz@...t70.net>: > /etc/shadow requires priviledge escalation for password changes > so putspent is dangerous, pam_unix should be deprecated on > modern systems > > http://www.openwall.com/tcb/ > > (i think this already came up a few times, maybe it should be in a faq..) owl's tcb and musl? It's harder than it seems. 1) __crypt_blowfish() in musl isn't compatible with __crypt_blowfish_rn().. so lack of support for owl's __crypt_gensalt_ra() and crypt_ra/rn() etc. (owl's salt and tcb prefixes): http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/tcb/tcb/pam_tcb/support.c?rev=126.96.36.199;content-type=text%2Fplain 2) nss/rpc/yp - but can be easily removed from the owl's tcb. http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/tcb/tcb/libs/nss.c?rev=1.4;content-type=text%2Fplain http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/tcb/tcb/pam_tcb/yppasswd_xdr.c?rev=1.2;content-type=text%2Fplain 3) owl's shadow+tcb requires pam_userpass which requires libpamc (pam client) from Linux-PAM... but it also can be removed. etc... etc. (pam_chpw.c): http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/shadow-utils/shadow-188.8.131.52-owl-tcb.diff?rev=1.5;content-type=text%2Fplain Currently I'm trying to use OpenPAM with musl, but going to use the owl's tcb (without nss). btw. openpam-modules: http://git.overlays.gentoo.org/gitweb/?p=proj/openpam-modules.git;a=tree;h=821a37ad1a2a084c13ac7c0086bd6d1e737b78c4;hb=821a37ad1a2a084c13ac7c0086bd6d1e737b78c4 Best regards, Daniel
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.