This is tough, but what I am looking for is advice on password decription as follows.
I have been using a program customised Bugzilla ( established bug tracking tool)which uses Perl crypt, which is an implementation of UNIX C-standard DES crypt(3) function which is . I wish to use Microsoft Access for reporting purposes but need the same validation decription process that Bugzilla uses, I have been using MS Accesses xcrypt with no avail. I shall explain as follows:
What is needed is a Windows implementation of crypt(3) (ie 'crypt.dll') that can then be called by MS Access to validate user log-ons, or a bit of VB script that implements it that I can then shoehorn into MS Access.
Once a working MS Access crypt(3) is available, it merely becomes a matter of cunning code to ensure that only permitted users can see permitted data.
MSDN (msdn.microsoft.com) has some bits'n'pieces about crypt(3), but no dll or useful code segment as far as I can see.
Any help or pointers would be appreciated.
Martin..
See code sample for perl below.
NAME
crypt - one-way password encryption function
SYNOPSIS
#define _MINIX_SOURCE 1
#include <unistd.h>
char *crypt(const char *key, const char *salt)
DESCRIPTION
The first use of crypt() is to encrypt a password. Its second use is to
authenticate a shadow password. In both cases crypt() calls pwdauth(8)
to do the real work.
Crypt() encrypts a password if called with a user typed key, and a salt
whose first two characters are in the set [./0-9A-Za-z]. The result is a
character string in the [./0-9A-Za-z] alphabet of which the first two
characters are equal to the salt, and the rest is the result of
encrypting the key and the salt.
If crypt() is called with a salt that has the form ##user then the key is
encrypted and compared to the encrypted password of user in the shadow
password file. If they are equal then crypt() returns the ##user
argument, if not then some other string is returned. This trick assures
that the normal way to authenticate a password still works:
if (strcmp(pw->pw_passwd, crypt(key, pw->pw_passwd))) ...
If key is a null string, and the shadow password is a null string or the
salt is a null string then the result equals salt. (This is because the
caller can't tell if a password field is empty in the shadow password
file.)
The key and salt are limited to 1024 bytes total including the null
bytes.
FILES
/usr/lib/pwdauth The password authentication program
SEE ALSO
getpass(3), getpwent(3), passwd(5), pwdauth(8).
NOTES
The result of an encryption is returned in a static array that is
overwritten by each call. The return value should not be modified.
I have been using a program customised Bugzilla ( established bug tracking tool)which uses Perl crypt, which is an implementation of UNIX C-standard DES crypt(3) function which is . I wish to use Microsoft Access for reporting purposes but need the same validation decription process that Bugzilla uses, I have been using MS Accesses xcrypt with no avail. I shall explain as follows:
What is needed is a Windows implementation of crypt(3) (ie 'crypt.dll') that can then be called by MS Access to validate user log-ons, or a bit of VB script that implements it that I can then shoehorn into MS Access.
Once a working MS Access crypt(3) is available, it merely becomes a matter of cunning code to ensure that only permitted users can see permitted data.
MSDN (msdn.microsoft.com) has some bits'n'pieces about crypt(3), but no dll or useful code segment as far as I can see.
Any help or pointers would be appreciated.
Martin..
See code sample for perl below.
NAME
crypt - one-way password encryption function
SYNOPSIS
#define _MINIX_SOURCE 1
#include <unistd.h>
char *crypt(const char *key, const char *salt)
DESCRIPTION
The first use of crypt() is to encrypt a password. Its second use is to
authenticate a shadow password. In both cases crypt() calls pwdauth(8)
to do the real work.
Crypt() encrypts a password if called with a user typed key, and a salt
whose first two characters are in the set [./0-9A-Za-z]. The result is a
character string in the [./0-9A-Za-z] alphabet of which the first two
characters are equal to the salt, and the rest is the result of
encrypting the key and the salt.
If crypt() is called with a salt that has the form ##user then the key is
encrypted and compared to the encrypted password of user in the shadow
password file. If they are equal then crypt() returns the ##user
argument, if not then some other string is returned. This trick assures
that the normal way to authenticate a password still works:
if (strcmp(pw->pw_passwd, crypt(key, pw->pw_passwd))) ...
If key is a null string, and the shadow password is a null string or the
salt is a null string then the result equals salt. (This is because the
caller can't tell if a password field is empty in the shadow password
file.)
The key and salt are limited to 1024 bytes total including the null
bytes.
FILES
/usr/lib/pwdauth The password authentication program
SEE ALSO
getpass(3), getpwent(3), passwd(5), pwdauth(8).
NOTES
The result of an encryption is returned in a static array that is
overwritten by each call. The return value should not be modified.