This is the mail archive of the
glibc-linux@ricardo.ecn.wfu.edu
mailing list for the glibc project.
Re: login and passwd problems with glibc (crypt) [problem solved]
Gael Queri writes:
> On Wed, Aug 23, 2000 at 12:18:47PM -0500, Vincent <Vincent wrote:
> > Karsten Hopp writes:
> > > I suppose you need the crypt addon for glibc and you'll have to
> > > configure it with
> > > --enable-add-ons=crypt
> > >
> > > Karsten
> > >
> > > Vincent wrote:
> > > >
> > > > I cannot get login and passwd to work with glibc.
> > > >
> > > > I am running:
> > > > AMD K6 processor
> > > > linux-kernel-2.4.0-test4
> > > > glibc-2.1.3
> > > > configured with
> > > > configure --host=i386-pc-linux-gnu --enable-add-ons \
> > > > --prefix=/usr \
> > > > --disable-sanity-checks
> >
> > Thanks for replying, but as I mentioned in my posting, I tried both
> > with and without the crypt addon. It is linked with libcrypt.
> >
> > # ldd /usr/bin/passwd
> > libshadow.so.0 => /lib/libshadow.so.0 (0x40018000)
> > libcrypt.so.1 => /lib/libcrypt.so.1 (0x4002e000)
> > libc.so.6 => /lib/libc.so.6 (0x4005b000)
> > /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
> >
> > glibc still generated this library without the crypt addon, apparently
> > with md5 encryption. Besides, it would be a problem if the crypt
> > addon was required to function because that would prevent
> > distributions in the US from distributing pre-compiled glibc packages
> > outside the US. Our infinitely wise politicians would not want to
> > take a chance on the developers of the encryption code getting a copy
> > of their own code back :-).
>
> Vincent, could you try running portmap (if it's not here) ?
> just do as root
> # /usr/sbin/rpc.portmap
>
> (if it fails try # /usr/sbin/portmap)
>
> it's a weird bug that appeared with the 2.3.99 kernel which could
> be the origin of this problem
>
> regards, gael
That's interesting. I'm not clear how the portmapper could affect
password encryption. I didn't think there were any socket
communications involved. Anyway, rpc.portmap is running so that
turned out not to be the problem. I finally solved it myself, but
thanks to those who attempted to help.
As it turns out, apparently libc6 only supports md5 encryption without
the crypt addon. The shadow package needed
MD5_CRYPT_ENAB yes
to be set in /etc/login.defs to enable md5. This caused the salt
parameter to crypt() to contain "$1$" at the beginning of the string.
Without this in the salt string, crypt() could not generate the
password and hence the error
crypt: Operation not supported
got printed.
I still do not know why it I got the same error with the crypt addon
compiled into libc6 unless shadow does not support the new DES
encryption or there is some other configuration parameter I have not
discovered yet to enable it.
The passwd and login utils from the util-linux-2.10k also do not work
with libc6 and I have not found any reference to how to enable md5 in
that package. passwd acted like it changed the password with no
errors but no password got encrypted in /etc/passwd. Apparently glibc
does not support the old encryption that was used in libc5, which
means that shadow is the only package that works. That is ok since
shadow works with shadow passwords on or off.
I do like the fact that, with MD5, passwords can be longer (up to 127
characters). I just wish that these packages were documented better
as to which combinations work and which don't.
- Vincent