Blowfish support in crypt() (glibc) ?

Robert Connolly robert at linuxfromscratch.org
Sun Jun 6 15:28:47 PDT 2004


Okay, there's two ways we can do this. libxcrypt is a standalone blowfish 
library, crypt_blowfish is the same thing but its in glibc's libcrypto so its 
a patch instead of a package. With libxcrypt I got blowfish working using 
pam_unix2. With crypt_blowfish I got blowfish working using tcb from owl. It 
looks like owl's crypt_blowfish+tcb+pam_passwdqc etc is the better way to go 
but they only have shadow-4.0.0 patched to use it, so we would have to 
downgrade till thats fixed. Using libxcrypt works fine and doesn't change 
anything with shadow. Owl's shadow uses privledge dropping, two new groups 
are added, group ckpasswd and shadow.

Anyone want to discuss or vote on this?




More information about the hlfs-dev mailing list