MD5 Support

senaque at thepla.net senaque at thepla.net
Fri Feb 7 00:16:09 CET 2003


On 6 Feb 2003 at 12:37, Recycle Computer shaped the electrons to say...

> 
> Change the pam configuration files to allow md5?
> 
> --mark--
> 

Hello fellow faiers,

Firstly, many thanks for all the help and suggestions you have given on this topic.

Mark, this is how I have been doing it all along and from what I've heard, what everyone else has 
been doing for the sake of 'getting things going' aswell, but as Andrew has mentioned in earlier 
posts, it really is a cludge as the passwd program will remain to be unconfigurable nor registered 
with debconf.

I am unsure of the long-term gravity of doing so, and have therefore not posted a "SUMMARY" to 
the list yet to close the topic officially and this is because I still have hopes of finding out how to 
achieve this :-) MD5 and shadow as far as I am concerned are fundamental and basic necessity 
of any system that wishes to be even marginally secured and should not only be fixed but a 
default ;-) Now, I've continued doing some research on the matter and I have found out a few 
concrete things. In Chapter 5 of the Debian Policy Manual (http://www.debian.org/doc/debian-
policy/ch-miscellaneous.html) it specifically states:

"Since an interactive debian/rules script makes it impossible to auto-compile that package and 
also makes it hard for other people to reproduce the same binary package, all required targets 
MUST be non-interactive."

Am I to understand the passwd program _should_ actually be able to install non-interactively if it is 
to comply with the Debian policy? Furthermore, I am using 'woody' here not a testing nor unstable 
release and this is what worries me even more, it may 'never get fixed'. In response to Sebastien's 
e-mail a few days ago, I have the following package versions in woody(stable):

    dpkg/woody uptodate 1.9.21
    debconf/woody uptodate 1.0.32
    passwd/woody uptodate 20000902-12
    base-passwd/woody uptodate 3.4.1

One interesting thing to note is that we both have the same passwd version (although I don't know 
his base-passwd and whether this should interfere with it or not). This leads me to believe it may 
not be a problem with the passwd package itself, but something else, however it is made more 
confusing since many of the other packages I install which make use of debconf (like apache, 
etc), install non-interactively perfectly. In the meantime, I have been trying to work out the problem 
myself by ripping everything apart and recompiling the passwd program (which is really a shadow 
suite with 12 or so patches + the login program), and doing things like setting the "-x" parameter 
for bash in the passwd.config script in the hopes of seeing anything that may possibly be causing 
this, etc.

 I would like to know if anyone on this list has experience with submitting bugs to b.d.o and/or can 
say for certain what is causing this so that I may submit a bug report. The only thing stopping me 
from doing so already is that the _same_ passwd program is used in both a working and non-
working system as mentioned previously. Also worth mentioning is that if passwd is installed 
_interactively_ through dialog (even on the FAI freshly installed or chrooted system $ROOTCMD 
dpkg-reconfigure -fdialog passwd), it works _perfectly_. 

Strange indeed.

Ideas? Thoughts? Comments?
PS- Sorry for the inordinately long post :-)

Regards,

Senaque
---
E-MAIL: senaque at thepla.net
IRC: #FAI @ irc.freenode.net
WWW: http://www.sf.net/users/senaque/




More information about the linux-fai mailing list