MD5 authentication

Open forum for security issues and info.
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
dmoran
Posts: 20
Joined: Tue Feb 25, 2003 12:47 pm

MD5 authentication

Unread postby dmoran » Mon Apr 21, 2003 8:51 am

Does anyone know if IRIX is capable of using MD5 hashes for authentication instead of the old Unix crypt hashes? I believe SGI told me that this feature would be implemented in future OS upgrades, but that was last year.

User avatar
semi-fly
Posts: 786
Joined: Fri Feb 21, 2003 5:29 am
Location: Ypsitucky, MI
Contact:

Unread postby semi-fly » Mon Apr 21, 2003 9:44 am

http://freeware.sgi.com/Installable/md5-rfc1321.html
For somthing specific or authentication in general?

User avatar
nekonoko
Site Admin
Site Admin
Posts: 8145
Joined: Thu Jan 23, 2003 1:31 am
Location: Pleasanton, California
Contact:

Unread postby nekonoko » Mon Apr 21, 2003 9:54 am

I think the original poster is asking if MD5 can be used in a /etc/passwd type application for login authentication, but I'm not sure. As far as I know it isn't built into IRIX at this time, but could probably be added via the login SITECHECK parameter (from man login(1)):

SITECHECK= Use an external program to authenticate users instead of using the encrypted password field. This allows sites to implement other means of authentication, such as card keys, biometrics, etc. The program is invoked with user name as the first argument, and remote hostname and username, if applicable. The action taken depend on exit status, as follows:

0 Success; user was authenticated, log in.

1 Failure; exit login.

2 Failure; try again (don't exit login).

other Use normal UNIX authentication.

If authentication fails, the program can chose to indicate either exit code 1 or 2, as appropriate. If the program is not owned by root, is writable by others, or cannot be executed, normal password authentication is performed. It is recommended that the program be given a mode of 500.

Warning: Because this option has the potential to defeat normal IRIX security, any program used in this way must be designed and tested very carefully.


Perhaps this could be tied to something like PAM for MD5 auth.
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.

dmoran
Posts: 20
Joined: Tue Feb 25, 2003 12:47 pm

Unread postby dmoran » Mon Apr 21, 2003 10:17 am

Nekonoko is correct. I'm wanting to use MD5 hashes in /etc/passwd (instead of the old Unix crypt (DES) hashes) for login authentication.


Return to “SGI: Security”

Who is online

Users browsing this forum: No registered users and 1 guest