aboutsummaryrefslogtreecommitdiff
path: root/README
diff options
context:
space:
mode:
authorTimo Weingärtner <timo@tiwe.de>2021-04-16 19:33:21 +0200
committerTimo Weingärtner <timo@tiwe.de>2021-04-16 19:49:10 +0200
commitf46bd38f387f0a580e134388086321b03e6b17d3 (patch)
treecf8f36be26226fb0f039f9478ab851ec7c89458e /README
parente29d26e77d8577ea272211c20240b3c39dff6bf0 (diff)
downloadlibpam-pwdfile-f46bd38f387f0a580e134388086321b03e6b17d3.tar.gz
do away with legacy crypt types
it is the responsibility of libcrypt to implement crypt types
Diffstat (limited to 'README')
-rw-r--r--README17
1 files changed, 0 insertions, 17 deletions
diff --git a/README b/README
index bf9eacd..2c46cd1 100644
--- a/README
+++ b/README
@@ -25,7 +25,6 @@ options
* debug: produce a bit of debug output
* nodelay: don't tell the PAM stack to cause a delay on auth failure
* flock: use a shared (read) advisory lock on pwdfile, you should better move new versions into place instead
-* legacy_crypt: see section LEGACY CRYPT
PASSWORD FILE
@@ -36,19 +35,3 @@ First field contains the username, the second the crypt()ed password.
Other fields are optional.
crypt()ed passwords in various formats can be generated with mkpasswd from the whois package.
-
-
-LEGACY CRYPT
-============
-
-There are two crypt types that are disabled by default: bigcrypt and broken md5_crypt.
-They are disabled because they use static buffers which is bad when doing PAM authentication using this module in a multithreaded server.
-All the other crypt types are checked via the systems crypt_r function if available, else with the normal crypt function and the same static-buffer-problem.
-
-bigcrypt was used on DEC systems to allow for longer passwords.
-You can check if your passwd file contains any of these with `cut -d: -f2 passwd-file | egrep '^[^$].{13}'`.
-
-Broken md5_crypt is a speciality of big-endian systems.
-An early implementation of md5_crypt got the byte order wrong here and produced different crypt outputs.
-You might have some of these crypt hashes in your passwd file only if you created them on a big-endian system.
-If an md5_crypt hash also worked on a little-endian system (up to and including libpam-pwdfile 0.99) it isn't broken md5_crypt.