password encryption

These are old archives. They are kept for historic purposes only.
Post Reply
droolin
Posts: 42
Joined: Sat Dec 04, 2004 7:27 pm
Location: USA - Ohio
Contact:

password encryption

Post by droolin »

We are running unreal 3.2.3 on various unix shell platforms, and have encrypted all of our oper passwords using the crypt auth type. The encryption representation of the password that is used in the oline's are created using the shell command ./unreal mkpasswd crypt <blablabla> and then applied to the oline.
{18:05} (Absolutely For Sure) [~/Unreal3.2/config] ;o)~ ~ ~ ../unreal mkpasswd crypt blablabla
Encrypted password is: $1$98$0LvKqRR22nuXus2Brw96T1
{18:05} (Absolutely For Sure) [~/Unreal3.2/config] ;o)~ ~ ~
{18:05} (Absolutely For Sure) [~/Unreal3.2/config] ;o)~ ~ ~ vi olines.conf
oper Mik {
from {
userhost *@*.ding.dong;
};
password "$1$98$0LvKqRR22nuXus2Brw96T1" { crypt; };
The passwords work fine, and then for somereason. Opers are getting invalid passwords. We recrypt the password, and update the oline. And things are fine again. This seems to happen when I have to rehash servers for some reason.
I've been talking to a tech on a sisiter network, and he was asking me about the same problem last night. Now, I thought we had this fixed cause we redid all oper passwords and things were going great. But, I had to update c/n lines today and rehash. And i've had 2 opers that came to me with problems, and had to redo there's?
Sugestions? Use another auth type? We chose by the way, crypt cause it was on all the shells and it just made life simplier.

Any input on this would be greatly appriceated.

droolin
Hornyness is a perpetual thang. The hornier you are, the hornier your going to be.
nate
Posts: 148
Joined: Fri Jul 29, 2005 10:12 am
Location: Johnstown, Pa
Contact:

Post by nate »

Are you sure its been added to the O:Line on all servers and reshashed? Perhaps they are trying to OPER up on a server with the new encrypted password not rehashed/added in yet?
Syzop
UnrealIRCd head coder
Posts: 2112
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Post by Syzop »

Odd.. (unless it is what NBishop says).

Actually, yes, using another algorithm might help. 'crypt' is done "outside Unreal" (by libc or libcrypt etc). If you use 'md5' or 'sha1' (either one is fine) and then you get this problem again, then we know for sure something might be wrong in Unreal (the md5 routines/etc are done entirely in unreal [or openssl if ssl enabled, but that is no problem]).
droolin
Posts: 42
Joined: Sat Dec 04, 2004 7:27 pm
Location: USA - Ohio
Contact:

ok, thanks

Post by droolin »

Our policy is that opers can only have an oline on one server, so they wouldnt be on another server trying to op up. Least, on purpose. Lol, yes. I have seen that. But, I usualy join the server that the oper is having problems on when I correct their olines so that I can see all messages and once i have corrected the oline, they are able to oper up.
Ill check all our servers for md5, see if we can switch to that.
As a side note, the tech on the sister network was using the crypt auth type also. And for the same reason we were.

Thanks alot, very much appriceated.

droolin
Hornyness is a perpetual thang. The hornier you are, the hornier your going to be.
Syzop
UnrealIRCd head coder
Posts: 2112
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Re: ok, thanks

Post by Syzop »

droolin wrote:Ill check all our servers for md5, see if we can switch to that.
md5 is build-in in unreal, it is always available (since Unreal3.2.1 it is build-in).
I forgot to mention though.. sha1 is not ;).
I always use md5 for unreal passwords myself... always available and secure...
Thanks alot, very much appriceated.
np ;)
Post Reply