Date: Sat, 28 Jul 2001 04:25:56 +0100 From: Chris Elsworth <chris@shagged.org> To: Kris Kennaway <kris@obsecurity.org> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: MD5 and DES hashes Message-ID: <20010728042556.A91233@shagged.org> In-Reply-To: <20010727195404.C58147@xor.obsecurity.org>; from kris@obsecurity.org on Fri, Jul 27, 2001 at 07:54:04PM -0700 References: <20010728012812.A77906@shagged.org> <20010727195404.C58147@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jul 27, 2001 at 07:54:04PM -0700, Kris Kennaway wrote:
> On Sat, Jul 28, 2001 at 01:28:12AM +0100, Chris Elsworth wrote:
> > Hi all,
> >
> > Would anyone know why my system has just started created DES password
> > hashes instead of MD5 ones? Specifically in PHP and Perl, the call to
> > crypt() used to give me, as desired, MD5 hashes. But now it's started
> > giving me DES hashes. I recently supped and remade world etc,
> > mergemaster'ed - so I'm sure it's a recent commit - but does anyone know
> > what commit, and why was this done? Should it have happened?
> >
> > Cheers for any light anyone can shed,
>
> Check your /etc/login.conf and make sure you've run cap_mkdb on it.
First two effective lines of /etc/login.conf -
default:\
:passwd_format=md5:\
Thats the only reference to md5 or des in it that's not commented out.
I've run cap_mkdb (that takes effect immediately? nothing else has to be
done?) but DES passwords are still created with crypt() :(
I've confirmed the /etc/login.conf.db has been updated by the cap_mkdb -
the filestamp is correct so that worked. Is that the only thing that
affects whether MD5 or DES is used?
--
Chris Elsworth - Software & Systems Developer / Systems Administrator
girls = time x money (and time is money) . chrise@demon.net
= money^2 (money is root of all evil) . . tel: 020 8371 1041
= _/(evil^2) = evil t h u s mob: 07968 324 693
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010728042556.A91233>