Author: V. T. Mueller Date: To: exim-dev Subject: [exim-dev] crypt(), crypt16() and bigcrypt()
Hello,
I just noticed the following:
# The passwords for user accounts are normally encrypted with the
crypt()
# function. Comparisons with encrypted passwords can be done using
Exim's
# "crypteq" expansion operator. (This is commonly used as part of the
# configuration of an authenticator for use with SMTP AUTH.) At
least one
# operating system has an extended function called crypt16(), which
uses up to
# 16 characters of a password (the normal crypt() uses only the
first 8). Exim
# supports the use of crypt16() as well as crypt().
# You can always indicate a crypt16-encrypted password by preceding
it with
# "{crypt16}". If you want the default handling (without any preceding
# indicator) to use crypt16(), uncomment the following line:
# DEFAULT_CRYPT=crypt16
# If you do that, you can still access the basic crypt() function by
preceding
# an encrypted password with "{crypt}". For more details, see the
description
# of the "crypteq" condition in the manual chapter on string expansions.
# Since most operating systems do not include a crypt16() function
(yet?), Exim
# has one of its own, which it uses unless HAVE_CRYPT16 is defined.
Normally,
# that will be set in an OS-specific Makefile for the OS that have
such a
# function, so you should not need to bother with it.
in the 4.52 src/editme file. We haven't been authenticating locally
for years, so this probably is in there for some time already.
What I'd like to comment is the following. As an alternative to the
standard crypt() HP-UX uses a proprietary function called bigcrypt()
when running in "trusted mode", allowing passwords to contain a
maximum of 40 characters.
Is anyone interested in details, manpages, testaccounts? Haven't
taken a look into the code yet, but I doubt that my skills in C are
sufficient to produce patches. You don't want me to try this ;-)