From owner-freebsd-current Wed Apr 7 2: 9:48 1999 Delivered-To: freebsd-current@freebsd.org Received: from spinner.netplex.com.au (spinner.netplex.com.au [202.12.86.3]) by hub.freebsd.org (Postfix) with ESMTP id 6CF3C15752 for ; Wed, 7 Apr 1999 02:09:42 -0700 (PDT) (envelope-from peter@netplex.com.au) Received: from spinner.netplex.com.au (localhost [127.0.0.1]) by spinner.netplex.com.au (8.9.3/8.9.3/Netplex) with ESMTP id RAA10768; Wed, 7 Apr 1999 17:07:25 +0800 (WST) (envelope-from peter@spinner.netplex.com.au) Message-Id: <199904070907.RAA10768@spinner.netplex.com.au> X-Mailer: exmh version 2.0.2 2/24/98 To: Anders Andersson Cc: Dag-Erling Smorgrav , freebsd-current@FreeBSD.ORG Subject: Re: DES from source? In-reply-to: Your message of "Wed, 07 Apr 1999 10:51:26 +0200." <19990407105126.A6886@sanyusan.se> Content-Transfer-Encoding: 8bit Date: Wed, 07 Apr 1999 17:07:25 +0800 From: Peter Wemm Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Anders Andersson wrote: > * Dag-Erling Smorgrav (des@flood.ping.uio.no) [990403 17:33]: > > > Existing MD5 passwords will still work. New users will get DES > > passwords. > > Thanks, but how do I get all my "old" users to use DES crypted passwords? Unfortunately, passwd(1) will helpfully maintain the same encryption method as was used before. ie: if a user has a MD5 passwd, the new one will also be MD5, regardless of the default. What I've wanted to do for some time is have a passwd re-coder launched from things like login etc when the plaintext password is available. I have wanted to be able to enable a transition to a new method over time. Of course, passwd(1) should ideally be able to be told to ignore the old method too - it looks like /etc/auth.conf is in the beginnings of this. (note that I'm not advocating changing the present system, just having the ability to do the two things above). Cheers, -Peter -- Peter Wemm Netplex Consulting "No coffee, No workee!" :-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message