On Wed, Aug 20, 2003 at 02:34:18PM -0500, Travis Miller wrote:
I already did, check my first email again. :)
sorry.
Here is something interesting, from auth_passwd.c, I added tiny bit of
debugging:
/* Now we need to authenticate the user; we will leave finding the
* mailspool for later. */
printf("Pwd compare: %s => %s => %s\n", pass, crypt(pass,
user_passwd), user_passwd);
if (!strcmp(crypt(pass, user_passwd), user_passwd)) {
a = authcontext_new(pw->pw_uid, use_gid ? gid : pw->pw_gid,
NULL, NULL, pw->pw_dir);
}
[...]
Pwd compare: testing => $1OMYGVcfhzuI => $1$o9UzF.MI$32/a2Jf/ExrQJoNFCshVl1
[...]
crypt() doesn't seem to be doing what it should be.
OK. What seems to be going on here is that your machine
uses crypt-MD5 passwords (the user_passwd hash is long and
starts `$1$...'. Now, what's supposed to happen here is
that the C library detects which sort of password is in
use by the first few characters ($1$ is special), and
computes the hash accordingly. But what you've actually
got is crypt(3) returning a traditional DES password using
$1 as the salt.
Can you try the following program:
#define _XOPEN_SOURCE
#include <unistd.h>
#include <stdio.h>
int main(int argc, char **argv) {
char **a;
for (a = argv + 1; *a; ++a)
printf("%s -> %s\n", *a, crypt(*a,
"$1$o9UzF.MI$32/a2Jf/ExrQJoNFCshVl1"));
return 0;
}
-- you may need -lcrypt to compile it. Give it some
passwords on the command line and tell me the results.
Oh, one thing -- what do the other passwords in
/etc/shadow look like? You didn't just copy the entry for
user test over from the other machine?