Re: pserver login fails on 9 char passwords

[Derek Robert Price]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mark D. Baushke wrote:

> Mäkeläinen Juha <juha.makelainen@osuuspankki.fi> writes:
>
> >This problem was found when using cvs-1.11.11 server on HP-UX and
> >wincvs client.
> >
> >If user password is 9 chars long, the crypted password from client is
> >13 characters but password got from HP-UX secure password system is 24
> >characters. The server.c module can not handle that.
>
> The HP/UX passwords have been problems in the past. There was a hack
> that stuck a NUL byte at the first comma in the found_passwd because of
> extra glop that the HP/UX system added.


Actually, as near as I can tell, the CVS server has been dealing with
that problem, inserting the NUL at the comma, since 1.11.7.  Why is
Mäkeläinen still experiencing a problem?

Not that that is really the correct fix - to quote the comment in server.c:

    /* Allow for dain bramaged HPUX passwd aging
     *  - Basically, HPUX adds a comma and some data
     *    about whether the passwd has expired or not
     *    on the end of the passwd field.
     *  - This code replaces the ',' with '\0'.
     *
     * FIXME - our workaround is brain damaged too.  I'm
     * guessing that HPUX WANTED other systems to think the
     * password was wrong so logins would fail if the
     * system didn't handle expired passwds and the passwd
     * might be expired.  I think the way to go here
     * is with PAM.
     */


Patches pensively perused,

Derek
- --
                *8^)

Email: derek@ximbiot.com

Get CVS support at <http://ximbiot.com>!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Netscape - http://enigmail.mozdev.org

iD8DBQFAaFxRLD1OTBfyMaQRAuLlAKDee7Qzp6TGao1j8D4xLz0TnnqbhACg3U94
PIaFtw/9LoXfr66WblIpoVg=
=ruXt
-----END PGP SIGNATURE-----