Misleading Document titles

This one: Secure Java apps on Linux using MD5 crypt
Firstly, the encrypted string is: $<mechanism>$..., where a mechanism of 1 is MD5. My desktop has 2a, which indicates I'm using the Blowfish algorithm - I see no reason to compromise.
Well, guess what - this document won't work for me, firstly because I use Blowfish locally, and secondly because the only accounts in /etc/shadow (and passwd) are local accounts - if you're using NIS, nisplus, or LDAP (Solaris more so) for your name services, then you're SOL with this mechanism.
Another reason for not using the crypt mechanism is that it tries to solve the problem at the wrong level. You should not be trying to compare the encryption strings; you should be using an alternative to the OS-provided security mechanism. So in this case you should be using JAAS and a PAM plugin. The use of yet another 'well it works on my box' mechanism is so cripplingly annoying that it angries up my blood.
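An added example, not code from this post or from the article it criticises: a small audit that reads the `$<mechanism>$` prefix of each shadow entry and reports which accounts an MD5-only comparison could actually verify. The function names and the sample entries are constructed for illustration; scheme ids 5 and 6 are not mentioned in the post and are included as the glibc SHA-256/SHA-512 ids.

```python
import re

# "1" and "2a" are the ids named in the post; "5" and "6" are the glibc
# SHA-256 / SHA-512 ids, added here so the table is not MD5-centric.
SCHEMES = {"1": "MD5", "2a": "Blowfish (bcrypt)", "5": "SHA-256", "6": "SHA-512"}
_MODULAR = re.compile(r"^\$([A-Za-z0-9]+)\$")

def classify_hash(field):
    """Return (kind, detail) for the password field of one shadow entry."""
    if field == "":
        return ("empty", None)
    if field[0] in "!*":
        return ("locked", None)           # no usable password on this entry
    m = _MODULAR.match(field)
    if m is None:
        return ("traditional", "DES")     # no $id$ prefix: legacy DES crypt
    scheme = m.group(1)
    return ("modular", SCHEMES.get(scheme, "unknown id " + scheme))

def md5_only_audit(shadow_text, users):
    """For each login name, say whether an MD5-only crypt check could verify it."""
    entries = {}
    for line in shadow_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 2 and parts[0] and not parts[0].startswith("#"):
            entries[parts[0]] = parts[1]
    report = {}
    for user in users:
        if user not in entries:
            # Accounts served by NIS/LDAP never appear in the local file.
            report[user] = "not in local shadow file"
            continue
        kind, detail = classify_hash(entries[user])
        if kind == "modular" and detail == "MD5":
            report[user] = "verifiable by MD5-only check"
        else:
            report[user] = "not verifiable: " + (detail or kind)
    return report

# Constructed sample data: the salts and digests are placeholders, not real hashes.
SAMPLE_SHADOW = """\
alice:$1$CONSTRUC$placeholderDigestNotReal00:13166:0:99999:7:::
bob:$2a$10$constructedSaltAndDigestPlaceholderOnly:13166:0:99999:7:::
daemon:*:13166:0:99999:7:::
"""

if __name__ == "__main__":
    # "carol" stands in for a user that exists only in a directory service.
    for name, verdict in md5_only_audit(SAMPLE_SHADOW, ["alice", "bob", "daemon", "carol"]).items():
        print(f"{name:8} {verdict}")
```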

About this Entry

This page contains a single entry by Pete Shanahan published on January 18, 2006 6:38 PM.