Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 15 Jul 2020 17:08:54 +0300
From: "Dmitry V. Levin" <>
Subject: Re: [PATCH 0/5] pam_tcb update


On Sat, Jul 07, 2018 at 02:37:58AM +0300, Dmitry V. Levin wrote:
> On Fri, Jul 06, 2018 at 03:33:28PM +0200, Solar Designer wrote:
> > On Thu, Jul 05, 2018 at 02:29:19AM +0300, Dmitry V. Levin wrote:
> > > I've got a few patches for pam_tcb.  Tested in Sisyphus.
> > 
> > Thanks.  I think we should get these into Owl-current (even though these
> > changes don't matter much for Owl yet), test them a bit more in there,
> > then release tcb 1.2.  For the testing in Owl-current, use version
> > numbers like 1.1.x or even 1.1.9.x (indicating that we're closer to 1.2
> > than to 1.1).
> OK, but I'm not sure I remember correctly how to get anything into
> Owl-current.
> > For the release, we also need updated LICENSE (copyright years) and
> > ChangeLog.  We could also use this opportunity to relax the license for
> > our newly written source files (not inherited from pam_unix).  There's
> > no reason to subject them to 3-clause BSD or GPL (BTW, of unspecified
> > version) that the whole thing is under for historical reasons - we can
> > as well use 0-clause BSD for them (add such comments to the files
> > themselves).  If we go for this, we need to ask Rafal for his approval.
> I don't mind changing the license this way, although I don't see any
> practical difference so far.
> > >   pam_tcb: use pam_get_authtok(3) instead of _unix_read_password
> > 
> > Does this mean we're dropping OpenPAM support, which you had once added?
> No, I don't think so, OpenPAM provides pam_get_authtok with the same
> interface as in Linux-PAM since 2002-04-08 and claims it is an OpenPAM
> extension.  Perhaps I should amend the commit message to mention this.
> I haven't tried to build anything with OpenPAM for quite some time, though.
> > >   pam_tcb: request automatic prefix and entropy if libcrypt implements it
> > 
> > Please add a 6th patch/commit that would change the default prefix from
> > $2y$ to $2b$ to be friendlier to OpenBSD.  I understand that ALT has to
> > stay with $2y$ for a while longer, but I guess you can be overriding
> > this default on pam_tcb's command line.
> OK

I've finally managed to commit these changes.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.