Subject: Re: libcrypto vs. libcrypt
To: None <>
From: Charles M. Hannum <>
List: tech-security
Date: 03/12/2003 14:31:54
On Wed, 2003-03-12 at 00:17, wrote:
> >So, I ran into an irritating problem with xscreensaver-gnome yesterday. 
> >It appears that, because I have Kerberos enabled, and therefore it's
> >linked with libcrypto, that the version of crypt(3) in libcrypto is
> >overriding the one in libcrypt, and therefore my Blowfish password
> >entries do not work.
> >
> >I sniffed around, and this problem also looks likely to affect OpenLDAP,
> >Postgres and ntop2.
> >
> >One possible fix for this is to remove crypt(3) from libcrypto, and link
> >libcrypto against libcrypt, thereby ensuring that the function is still
> >present, but providing the canonical/correct version.
> >
> >Could someone take this on and fix it?  Please?
> 	no objection here (glad you mentioned), but it will need a shlib major
> 	bump...

No, it would not.  That's why I suggested linking libcrypto against
libcrypt -- it would still provide (indirectly) a crypt(3) function.