Обсуждение: crypt password authentication does not work in cross platform env
I'm living in outside US and am running the export version of FreeBSD coming without DES. Problem is that if I enable the crypt password authentication, the FE on any platform other than FreeBSD will not talk to the BE on the FreeBSD box (Of course FreeBSD can talk to FreeBSD). The export version of FreeBSD's crypt() is implemented using MD5, and it does not compatible with the traditional crypt(). This is the source of the problem, I guess. I have looked into backend/libpq and interfaces/libpq, but I couldn't find any portable solution for that so far. As far as I know, there are at least 2 workarounds: 1. install "des" package (ftp://ftp.internat.freebsd.org/pub/FreeBSD/2.2.6-RELEASE/des/) 2. link the BE with libcrypt.a coming with SSLeay (see http://www.psy.uq.oz.au/~ftp/Crypto/ for more info about SSLeay) Should we document these in somewhere? -- Tatsuo Ishii t-ishii@sra.co.jp
Re: [HACKERS] crypt password authentication does not work in cross platform env
От
Peter Mount
Дата:
On Wed, 24 Jun 1998 t-ishii@sra.co.jp wrote: > I'm living in outside US and am running the export version of FreeBSD > coming without DES. Problem is that if I enable the crypt password > authentication, the FE on any platform other than FreeBSD will not > talk to the BE on the FreeBSD box (Of course FreeBSD can talk to > FreeBSD). The export version of FreeBSD's crypt() is implemented using > MD5, and it does not compatible with the traditional crypt(). This is > the source of the problem, I guess. I have looked into backend/libpq > and interfaces/libpq, but I couldn't find any portable solution for > that so far. I thought there was only one implementation of crypt()? When I added crypt support into the JDBC driver, I used an existing java implementation as a baseline. Now this works for postgres running on Linux() (& java running on Linux & Win95), but I haven't heared of a problem with it on other Unixes. > As far as I know, there are at least 2 workarounds: > > 1. install "des" package > (ftp://ftp.internat.freebsd.org/pub/FreeBSD/2.2.6-RELEASE/des/) > > 2. link the BE with libcrypt.a coming with SSLeay > (see http://www.psy.uq.oz.au/~ftp/Crypto/ for more info about SSLeay) > > Should we document these in somewhere? How accessible is the source, and is it in C? I'm asking this, because we would have to convert it into Java for the JDBC driver, and I know the ODBC guys would have to convert it as they don't use libpq either. -- Peter Mount, peter@maidstone.gov.uk Postgres email to peter@taer.maidstone.gov.uk & peter@retep.org.uk Remember, this is my work email, so please CC my home address, as I may not always have time to reply from work.
Re: [HACKERS] crypt password authentication does not work in cross platform env
От
t-ishii@sra.co.jp (Tatsuo Ishii)
Дата:
At 8:42 AM 98.6.24 +0100, Peter Mount wrote: >On Wed, 24 Jun 1998 t-ishii@sra.co.jp wrote: > >> I'm living in outside US and am running the export version of FreeBSD >> coming without DES. Problem is that if I enable the crypt password >> authentication, the FE on any platform other than FreeBSD will not >> talk to the BE on the FreeBSD box (Of course FreeBSD can talk to >> FreeBSD). The export version of FreeBSD's crypt() is implemented using >> MD5, and it does not compatible with the traditional crypt(). This is >> the source of the problem, I guess. I have looked into backend/libpq >> and interfaces/libpq, but I couldn't find any portable solution for >> that so far. > >I thought there was only one implementation of crypt()? > >When I added crypt support into the JDBC driver, I used an existing java >implementation as a baseline. > >Now this works for postgres running on Linux() (& java running on Linux & >Win95), but I haven't heared of a problem with it on other Unixes. Linux's crypt() is fine. Only FreeBSD has that problem (I'm not sure about other BSDish boxes, though). Anyway, I will check the JDBC driver with crypt authentication enabled next week (sorry, I'm too busy on the "real world" work this week:-) >> As far as I know, there are at least 2 workarounds: >> >> 1. install "des" package >> (ftp://ftp.internat.freebsd.org/pub/FreeBSD/2.2.6-RELEASE/des/) >> >> 2. link the BE with libcrypt.a coming with SSLeay >> (see http://www.psy.uq.oz.au/~ftp/Crypto/ for more info about SSLeay) >> >> Should we document these in somewhere? > >How accessible is the source, and is it in C? Sure, they are free and are written in C. >I'm asking this, because we would have to convert it into Java for the >JDBC driver, and I know the ODBC guys would have to convert it as they >don't use libpq either. Does the Java crypt class call native crypt lib? or is that written in 100% pure Java? -- Tatsuo Ishii t-ishii@sra.co.jp
Re: [HACKERS] crypt password authentication does not work in cross platform env
От
Peter Mount
Дата:
On Wed, 24 Jun 1998, Tatsuo Ishii wrote: > At 8:42 AM 98.6.24 +0100, Peter Mount wrote: [snip] > > > >I thought there was only one implementation of crypt()? > > > >When I added crypt support into the JDBC driver, I used an existing java > >implementation as a baseline. > > > >Now this works for postgres running on Linux() (& java running on Linux & > >Win95), but I haven't heared of a problem with it on other Unixes. > > Linux's crypt() is fine. Only FreeBSD has that problem (I'm not sure > about other BSDish boxes, though). Anyway, I will check the JDBC driver with > crypt authentication enabled next week (sorry, I'm too busy on the > "real world" work this week:-) Your'e not the only one at the moment ;-) > Does the Java crypt class call native crypt lib? or is that written in > 100% pure Java? It's 100% pure Java. -- Peter Mount, peter@maidstone.gov.uk Postgres email to peter@taer.maidstone.gov.uk & peter@retep.org.uk Remember, this is my work email, so please CC my home address, as I may not always have time to reply from work.