Currently PHP is shipped without mhash support. Adding mhash support requires adding of a libmhash rpm to the distribution and configuring PHP with --with-mhash. The mhash source can be found at http://prdownloads.sourceforge.net/mhash/mhash-0.8.18.tar.gz?download A spec file for libmhash can be found here: http://home.hetnet.nl/~ottolander/mhash/libmhash.html (I will add the spec file as an attachment.)
Created attachment 94199 [details] libmhash.spec
First you must request separately for mhash to be added to the distribution. I don't particularly support this: mhash doesn't seem to do much that OpenSSL doesn't; you could extend the existing PHP openssl extension to achieve the same functionality without needing extra packages, I would think.
Maybe I should take a closer look at openssl, but it doesn't look like the PHP openssl interface currently makes it easy to use all the different encryption algorithms that mhash supports (have a quick look at http://mhash.sourceforge.net and the PHP4 documentation). Also it looks like the openssl functions use keys for encryption/hashing, which are not needed by the algorithms supported by mhash. F.e. how do I calculate an md5sum using openssl? How would I submit a request for adding (lib)mhash support to the distro? Also note that the library is only about 150K and PHP already has an interface to use it.
Changed product from Red Hat Linux Beta to Fedora Core 1, as it still is an issue there.
I'd like to support this change request, with RHEL 4 release as the target platform. We are using LDAP extensively in our organisation and plan offer LDAP-enabled solutions to many customers. Most of available LDAP-aware applications written in PHP use mhash PHP extension for password hashing (among others phpLDAPadmin). Lack of libmhash and php-mhash support in RHEL forces us to lean towards using Suse and other distributions because for production systems we need those packages to be _vendor-supported_, not home-made. Adding php-mhash support would be extremely easy (the official redhat/fedora RPM has a '--with-mhash' conditional now, see bug 111251) and it is a good time to get them included in RHEL 4 which is is in beta phase yet. IMO, this is an important feature for a corporate distribution since it is significat in LDAP-based environments. In addition, please note that almost all other distributions ship with mhash by default: Mandrake, SuSe, Debian. Even such a minimal system as OpenBSD, which refuses to put Midnight Commander in its ports tree, has mhash and php-mhash in ports.
I'd like to signify the importance of this for corporate customers using RHEL, what is the best method? Should I open a RHEL support ticket?
That's probably best.
I've opened service request 369868 as an addition to this bug.
Please also compare bug 104211, bug 114294, bug 114295 and bug 114297.
I'd just like to give a "me too" on this one. Having mcrypt/mhash and php-mcrypt/php-mhash in the standard FC distro would make my life a lot easier. Dan.
Realistically, as mhash/mcrypt is in Extras, php-m* is unlikely to be added to core.