Date: Fri, 22 Jan 1999 16:25:24 +0200 From: Sheldon Hearn <axl@iafrica.com> To: current@FreeBSD.ORG Subject: WARNING: Today's current breaks passwords Message-ID: <437.917015124@axl.noc.iafrica.com>
next in thread | raw e-mail | index | archive | help
This may or may not affect you. Today's installworld broke passwords for me. By that, I mean that login, xdm, su and friends gave authentication failures on all passwords for all users that I tried. I suspect this has to do with a hashing algorithm that isn't backward compatible. I used Kerberos to get into the machine as root and change important passwords to exactly what they were before. This worked. The new encrypted passwords are happy. :) I don't want to cause hysteria, and I can't guarantee that my report is accurate. All the same, do yourself a favour on your next installworld: Make SURE you have an open root session somewhere. Do NOT hide it behind xlock, and do NOT use lock(1) to keep it safe. This will allow you to passwd(1) to create new encrypted passwords for your users. If you have shell accounts that need access to the box and you don't want to have to rehash all their passwords, hold off on installworld until someone calls me a liar, or a fix is committed. Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?437.917015124>