[184] in linux-security and linux-alert archive
Re: Skey use with Linux
daemon@ATHENA.MIT.EDU (Richard W. Carr)
Thu Mar 23 21:01:37 1995
Date: Thu, 23 Mar 1995 13:46:01 -0800 (PST)
From: "Richard W. Carr" <rwcarr@crl.com>
To: linux-security@tarsier.cv.nrao.edu
I'd like to thank everyone for the responses I received on my question
regarding s/key. The folks on this list have really come through for me.
To help others that may have similar questions, I'm posting a summary of
all the responses I received to my query. Of particular note; I was
informed that a new release of s/key is due out within the next few weeks
from NRL. The NRL package should be much more portable and easier to
compile and configure. (The technical work was done a long time ago;
they've been in legal wait for a few months, but I ["Theodore Ts'o"] was
assured that it should hopefully be out before the upcoming IETF meeting.)
Now for the rest of the information I received:
The difficulty is the result of a byte swapping problem. You need to
specify whether your system is little-endian or big-endian in a #define
statement. The mod is as follows:
In md4.c:
#if (defined(__MSDOS__) || defined(MPU8086) || defined(MPU8080) \
|| defined(vax) || defined (MIPSEL))
#define LOWBYTEFIRST TRUE /* Low order bytes are first in memory */
#else /* Almost all other machines are big-endian */
#define LOWBYTEFIRST FALSE
#endif
#define LOWBYTEFIRST TRUE /* Low order bytes are first in memory */
Basically, Linux isn't defining anything that causes the #ifdef to be
true, so you just force the issue.
Now, key generates the same strings as all the other implementations (HP,
Sun, DEC ALPHA, IBM AIX).
Finally, at ftp://ftp.dhp.com/pub/crypto/skey/* You'll find
key-linux-bin.gz, a binary that you can use to test the skey's generated.
Also available is skey-md4.tar.gz, small hacks to get it working, and
shadow-3.3.2-skey.tar.gz, more hacks that were done to incorporate skey
into the shadow suite.
