FOUND A BUG, encrypted passwords and importing

Ivan Kohler ivan at sisd.com
Wed Jul 7 23:07:29 PDT 1999


On Wed, Jun 30, 1999 at 12:02:30AM -0600, Ben Leibig wrote:
> Ok, here's the deal.  Freeside seems to create a _password column in
> svc_acct which is 8 characters long.

I dunno where you got that idea.

ivan at rootwood:~/freeside_current$ grep _password bin/fs-setup 
   '_password', 'varchar',   '',   25, #13 for encryped pw's plus '*SUSPENDED*

It's been 25 characters since version 1.0.

>  Now, it is true that Unix passwords
> are only 8 characters long, however once encrypted they tend to be longer.
> When little old me runs svc_acct.import and imports all my passwords, only
> the first 8 characters of the encrypted password are imported.

That's very strange.  I can't find anything that would cause that to
happen.

>  The result of
> course is that regardless of whether freeside double encrypts the password
> or not, it's not going to work because the crypt string is not complete.
> 
> 
> Solutions:  I haven't implemented any yet, I'm interested in what thoughts
> are, or if I am just being stupid.

It seems to me that this might be a problem specific to your local
configuration, rather than a Freeside bug.

> 1: Just store all passwords encrypted.  Encrypt them when you get them... I
> don't see any reason to keep a non-encrypted password in the database,
> actually it seems almost stupid.

RADIUS servers, historically, have required cleartext passwords.

grep 'uncomment this to encrypt password immediately' site_perl/svc_acct.pm

Not to say that it shouldn't be a configurable option.

> 2: Expand svc_acct._password to be larger (I don't know the maximum size for
> an encrypted password).
> 
> 
> I really want to get freeside implemented and start using it to take care of
> my bills, but at this point it is not practical due to this problem.  If
> anyone has any ideas let me know.  If anyone has any ideas on how to just
> adapt freeside to encrypt all passwords right away and work off a Unix-like
> encrypted password scheme, that would be what I would prefer.
> 
> 
> 	Thanks,
> 		Ben Leibig
> 

-- 
Ivan Kohler <ivan at sisd.com> - finger for PGP key - <moc.dsis at navi> Relhok Navi
Open-source billing and administration for ISPs - http://www.sisd.com/freeside
20 4,16 * * * saytime # please don't be surprised if you find me dreaming too
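
Added example, not part of the original message and not Freeside code: a post-import check that compares each crypt string in the source passwd-style file with the value that ended up in svc_acct._password, flagging the 8-of-13-character truncation described in the thread. The function names, the `stored` mapping (username to stored value, however you query it) and the sample hashes are assumptions constructed for illustration.

```python
import re

# Classic DES crypt(3) output: 2 salt + 11 hash characters from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")
COLUMN_WIDTH = 25               # svc_acct._password width from the fs-setup line
SUSPEND_PREFIX = "*SUSPENDED*"  # prefix named in the same fs-setup comment

# Constructed sample data: placeholder strings, not real password hashes.
SAMPLE_PASSWD = """\
alice:ab0123456789.:1001:100:Alice:/home/alice:/bin/sh
bob:cdABCDEFGHIJK:1002:100:Bob:/home/bob:/bin/sh
carol:*:1003:100:Carol:/home/carol:/bin/sh
"""
SAMPLE_STORED = {"alice": "ab012345", "bob": "cdABCDEFGHIJK", "carol": "*"}


def parse_passwd(text):
    """Map username -> password field from passwd/shadow-style lines."""
    fields = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 2 and not parts[0].startswith("#"):
            fields[parts[0]] = parts[1]
    return fields


def fits_when_suspended(value):
    """True if the value still fits the column with the suspend prefix added."""
    return len(SUSPEND_PREFIX) + len(value) <= COLUMN_WIDTH


def audit_import(source_text, stored):
    """Return {username: finding} comparing source hashes to stored values."""
    findings = {}
    for user, src in parse_passwd(source_text).items():
        got = stored.get(user)
        if DES_CRYPT.fullmatch(src) is None:
            findings[user] = "skipped-not-des-crypt"   # locked or other format
        elif got is None:
            findings[user] = "missing"
        elif got == src:
            findings[user] = "ok"
        elif src.startswith(got):
            # A strict prefix of the source hash: the import cut it short.
            findings[user] = "truncated:%d/%d" % (len(got), len(src))
        else:
            findings[user] = "mismatch"
    return findings


if __name__ == "__main__":
    for user, finding in sorted(audit_import(SAMPLE_PASSWD, SAMPLE_STORED).items()):
        print(user, finding)
```

A stored 8-character value on its own cannot be told apart from a cleartext password, which is why the check compares against the source file rather than inspecting the column alone.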


