cancel
Showing results for 
Search instead for 
Did you mean: 

SIA Interface

Cesar Garin
Occasional Advisor

SIA Interface

I am using Tru64 version 5.1a with enhanced security and have a requirement to customise password authenticaion.

The user passwords need to be encrypted n-thousand times using MD5.

To do this I believe I will need to write my own __siad_update_pass() function. This would call a function to encrypt the newpass parameter, then pass the encrypted password to the standard siad_update_pass. The stored password is now encrypted.

Encryption would also be needed when validating passwords . So I would need a __siad_validate_user function that would encrypt the passphrase parameter, plus a collect function that also encrypts the entered password.

I'm not familiar with the sia interfaces, and would prefer not to have to develop replacement functions. Hense my approach is based on wrappers around existing sia functions.

I would be greatful for any advise on problems /weaknesses in my proposed solution. Or perhaps there are simpler ways of achiving my requirements?
3 REPLIES
Ann Majeske
Honored Contributor

Re: SIA Interface

Hi Stuart,

I've never written an SIA mechanism myself, but it looks like there's a sample one available. See the readme file at:
http://users.rcn.com/spiderb/sec/siaskey-readme.html
Hope this helps.

Ann
Cesar Garin
Occasional Advisor

Re: SIA Interface

Thanks Ann,

The link was useful example of how to write an SIA interface.
But perhaps there is an alternative to writing my own SIA interface? Is it possible to add my own additional encryption routine?

Using get_num_crypts() andget_crypt_name() I can see the std crypt16, crypt and C1crypt. The man pages imply that further encryption algorithms can be added. Any idea how this is none? I can't find any details in the security guide.
Cesar Garin
Occasional Advisor

Re: SIA Interface


Ann -
The site you directed me at also has a pwpolicy example: http://users.rcn.com/spiderb/sec/site-pwpolicy.c.txt
- this is really what I need although it's taken me a while to realise it! Problem solved.