[nSLUG] Crypt in Perl

D G Teed donald.teed at gmail.com
Wed Jan 7 23:53:55 AST 2009


On Wed, Jan 7, 2009 at 10:03 PM, Daniel Morrison <draker at gmail.com> wrote:

> 2009/1/7 D G Teed <donald.teed at gmail.com>:
> > You must have mistaken me for a web developer.  I'm just
> > a Sysadmin, trying not to cause discomfort for users.
> > We are after seamless changes here, not announcements
> > that everyone needs to change their password (that is
> > what they would expect of phishers anyway).
>
> Not at all!  I was merely pointing out where George mentioned the
> recommendation from Python docs to use the full crypted password as a
> salt.
>
> Moreover, from the glibc manual:
> http://www.gnu.org/software/libtool/manual/libc/crypt.html#crypt
>
> "To verify a password against the result of a previous call to crypt,
> pass the result of the previous call as the salt."
>

I don't need to rewrite the app, merely migrate it.
End of story. If I was making an application, I wouldn't use
this anyway - I'd either have something with a database and md5,
or use LDAP/AD/pam for auth.  Features like account maintenance
and expiry are missing from something as basic as flat files.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nslug.ns.ca/mailman/private/nslug/attachments/20090107/d1fb34a8/attachment-0001.html>


More information about the nSLUG mailing list