>At http://www.sun.com/solaris/pam/ you'll find what you
>need to know about PAM on solaris including sample source
>code.
...
>If you wanted Solaris to use longer passwords and/or a different
>hash algorithm for storing the crypted version you should start
>with those links.

Hi Guys,

In order to ease debate of this topic a bit, I would like to proffer
the following factlets:

1) A project exists within Solaris engineering, to integrate a
   pluggable crypt() routine into Solaris, which will allow use of
   arbitrary password-hashing algorithms, of arbitrary lengths, etc,
   in Solaris.

2) Interoperability with Linux/*BSD MD5- and Blowfish-based hash
   algorithms is a goal of the project

3) If I remember right - and I may well be incorrect, as I am not
   responsible for this aspect of the project - the release is
   scheduled for Solaris9.

   I am consulting with the team/doing development work with them, on
   account of my (erm) extensive experience with crypt() implementations...

4) PAM was considered as a solution for this, and it was decided to
   *not* be the appropriate vehicle for delivery of an alternative
   crypt() routine, because (in summary) PAM is essentially an API for
   user-interfaces (/bin/login, ftpd, etc) - as opposed to an API for
   interfacing to the directory-services within which the password
   entries reside; consider "getpwent()" and family.

Other members of the development team are also on this list; I've
alerted them so that we can follow up with further comment/correct
my statements/answer questions.

        - Alec Muffett
          Senior Architect
          Sun Professional Services EMEA

--
  [opinions and statements cited herein are personal and may not be factual]
      alec muffett - random numbers: 26980 7 - alec.muffett  uk.sun.com
          * <A HREF="javascript:1/0">do not click on this link</A> *

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]