Date: Sat, 7 Jul 2018 02:37:58 +0300
From: "Dmitry V. Levin" <ldv@...linux.org>
To: owl-dev@...ts.openwall.com
Subject: Re: [PATCH 0/5] pam_tcb update

On Fri, Jul 06, 2018 at 03:33:28PM +0200, Solar Designer wrote:
> On Thu, Jul 05, 2018 at 02:29:19AM +0300, Dmitry V. Levin wrote:
> > I've got a few patches for pam_tcb.  Tested in Sisyphus.
> 
> Thanks.  I think we should get these into Owl-current (even though these
> changes don't matter much for Owl yet), test them a bit more in there,
> then release tcb 1.2.  For the testing in Owl-current, use version
> numbers like 1.1.x or even 1.1.9.x (indicating that we're closer to 1.2
> than to 1.1).

OK, but I'm not sure I remember correctly how to get anything into
Owl-current.

> For the release, we also need updated LICENSE (copyright years) and
> ChangeLog.  We could also use this opportunity to relax the license for
> our newly written source files (not inherited from pam_unix).  There's
> no reason to subject them to 3-clause BSD or GPL (BTW, of unspecified
> version) that the whole thing is under for historical reasons - we can
> as well use 0-clause BSD for them (add such comments to the files
> themselves).  If we go for this, we need to ask Rafal for his approval.

I don't mind changing the license this way, although I don't see any
practical difference so far.

> >   pam_tcb: use pam_get_authtok(3) instead of _unix_read_password
> 
> Does this mean we're dropping OpenPAM support, which you had once added?

No, I don't think so, OpenPAM provides pam_get_authtok with the same
interface as in Linux-PAM since 2002-04-08 and claims it is an OpenPAM
extension.  Perhaps I should amend the commit message to mention this.

I haven't tried to build anything with OpenPAM for quite some time, though.

> >   pam_tcb: request automatic prefix and entropy if libcrypt implements it
> 
> Please add a 6th patch/commit that would change the default prefix from
> $2y$ to $2b$ to be friendlier to OpenBSD.  I understand that ALT has to
> stay with $2y$ for a while longer, but I guess you can be overriding
> this default on pam_tcb's command line.

OK


-- 
ldv
