60724 – gq doesn't properly base64 encode passwords, also doesn't have ssha and smd5

Bug 60724 - gq doesn't properly base64 encode passwords, also doesn't have ssha and smd5

Summary: gq doesn't properly base64 encode passwords, also doesn't have ssha and smd5

Keywords:
Status:	CLOSED CANTFIX
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	gq
Sub Component:
Version:	7.2
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nalin Dahyabhai
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2002-03-05 16:52 UTC by Keith T. Garner
Modified:	2008-05-01 15:38 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-10-18 14:26:27 UTC
Embargoed:

Attachments	(Terms of Use)

Description Keith T. Garner 2002-03-05 16:52:23 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8+) Gecko/20020227

Description of problem:
GQ puts the encrypted password into ldap in hex form.  The standard seems to be
base64 encoded, thus, the new passwords wouldn't work when authenticating
against OpenLDAP.  Also, gq doesn't have support for the more secure ssha and
smd5 methods.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.Run gq against an openldap server
2.modify a user password
3.attempt to authenticate
	

Actual Results:  The user cannot authenticate

Expected Results:  The user should be able to authenticate

Additional info:

I have created two patches that fix both of these problems.  The first is at
http://www.kgarner.com/code/gq/gq-0.4.0.openldap-passwd-encoding.diff  The first
patch fixes the encoding.  The second patch is at
http://www.kgarner.com/code/gq/gq-0.4.0.encode-ssha+smd5.diff  This patch adds
the ssha and smd5 encoding methods.

Comment 1 Bill Nottingham 2006-08-07 17:22:35 UTC

Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Red Hat apologizes that these issues have not been resolved yet. We do
want to make sure that no important bugs slip through the cracks.
Please check if this issue is still present in a current Fedora Core
release. If so, please change the product and version to match, and
check the box indicating that the requested information has been
provided. Note that any bug still open against Red Hat Linux on will be
closed as 'CANTFIX' on September 30, 2006. Thanks again for your help.

Comment 2 Bill Nottingham 2006-10-18 14:26:27 UTC

Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Closing as CANTFIX.

Note You need to log in before you can comment on or make changes to this bug.