Re: vlock with md5 password support

From: José Luis Domingo López (jdomingo@internautas.org)
Date: 01/07/02


Date: Mon, 7 Jan 2002 19:40:40 +0100
From: José Luis Domingo López <jdomingo@internautas.org>
To: focus-linux@securityfocus.com

On Sunday, 06 January 2002, at 02:53:37 -0500,
Casey Allen Shobe wrote:

> I reconfigured my linux-from-scratch system to use MD5 passwords rather than
> the standard DES some time ago because of the heightened security, primarily
> in the fact that more than the first 8 characters of the password matter.
>
> However, this rendered one of my favorite tools, vlock, unusable, as it
> doesn't support MD5-encrypted passwords.
>
At least on Linux Debian, vlock is compiled with PAM support:
dardhal:/tmp$ ldd vlock
        libdl.so.2 => /lib/libdl.so.2 (0x4001d000)
        libpam.so.0 => /lib/libpam.so.0 (0x40021000)
        libpam_misc.so.0 => /lib/libpam_misc.so.0 (0x40029000)
        libc.so.6 => /lib/libc.so.6 (0x4002c000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x40150000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

So there is a file under /etc/pam.d/ that includes authentication
configuration for vlock itself. Maybe the file is not configured
correctly. For example, in my installation it just has:

#%PAM-1.0
auth required pam_unix.so

Component "auth" for other PAMified programs such as login have the same
configuration under their respective file in /etc/pam.d. For more
information, check PAM documentation (/usr/share/doc/libpam-doc under
Debian, package libpam-doc).

Hope this helps.

-- 
José Luis Domingo López
Linux Registered User #189436     Debian Linux Woody (P166 64 MB RAM)
 
jdomingo AT internautas DOT   org  => Spam at your own risk