From owner-freebsd-security  Sun Apr 19 19:33:26 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id TAA14570
          for freebsd-security-outgoing; Sun, 19 Apr 1998 19:33:26 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from mail.xmission.com (mail.xmission.com [198.60.22.22])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id CAA14561
          for <freebsd-security@freebsd.org>; Mon, 20 Apr 1998 02:33:16 GMT
          (envelope-from softweyr@xmission.com)
Received: from slc402h.modem.xmission.com (xmission.com) [166.70.2.148] 
	by mail.xmission.com with esmtp (Exim 1.82 #2)
	id 0yR6OP-00019v-00; Sun, 19 Apr 1998 20:33:13 -0600
Message-ID: <353AB4CD.81FEC9DB@xmission.com>
Date: Sun, 19 Apr 1998 20:37:02 -0600
From: Wes Peters <softweyr@xmission.com>
Organization: Softweyr LLC
X-Mailer: Mozilla 4.04 [en] (X11; I; FreeBSD 2.2.5-RELEASE i386)
MIME-Version: 1.0
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
CC: Penisoara Adrian <ady@warpnet.ro>, freebsd-security@FreeBSD.ORG
Subject: Re: Using MD5 insted of DES for passwd ecnryption
References: <29805.893026136@time.cdrom.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

Jordan K. Hubbard wrote:
> 
> >   How can one control which kind of encryption is to be used by the
> > system for password encryption ? For example I want to use only MD5
> 
> I've often wondered that myself and I'll be interested to hear the
> answer. :)  I suspect the answer is, however, "you can't do that"
> and that we need some sort of /etc/passwd.conf (ducks :-).

I check the source in usr.bin/passwd/local_passwd.c, and it just calls
'crypt.'  I guess you could make a crypt(3) routine that checks passwd.conf
and does the right thing; that would take care of all of the applications
because everyone calls crypt to make sure the password the user just types
matches the one stored in the database.

What do you do when passwd.conf specifies and encryption format you don't
have installed?  Can FreeBSD programs fail gracefull to bind to a shared
library?  I've never probed *that* deeply into shared libraries.  :^)

-- 
       "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                 Softweyr LLC
http://www.softweyr.com/~softweyr                      wes@softweyr.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message