From owner-freebsd-security Wed Oct 6 1:32:41 1999 Delivered-To: freebsd-security@freebsd.org Received: from dvutavr.carrier.kiev.ua (dvutavr.carrier.kiev.ua [193.193.193.120]) by hub.freebsd.org (Postfix) with ESMTP id D619D14CE4; Wed, 6 Oct 1999 01:32:30 -0700 (PDT) (envelope-from nfb@nn.kiev.ua) Received: from kozlik.carrier.kiev.ua (kozlik.carrier.kiev.ua [193.193.193.111]) by dvutavr.carrier.kiev.ua (8.Who.Cares/Kilkenny_is_better) with ESMTP id LLQ44046; Wed, 6 Oct 1999 11:30:15 +0300 (EEST) (envelope-from nfb@nn.kiev.ua) Received: from nn.UUCP (uucp@localhost) by kozlik.carrier.kiev.ua (8.The.Best/UUCP_FOREVER) with UUCP id LLB00895; Wed, 6 Oct 1999 11:28:44 +0300 (EEST) (envelope-from nfb@nn.kiev.ua) Received: from nn.UUCP (uucp@localhost) by kozlik.carrier.kiev.ua (rmail mypid=00894 childpid=00895) with UUCP; Wed, 06 Oct 1999 08:28:44 +0000 GMT Received: by nn.kiev.ua (UUPC/@ v7.00, 29Jul97) id AA06197; Wed, 6 Oct 1999 11:18:31 +0300 (EDT) To: freebsd-security@freebsd.org, kris@hub.freebsd.org X-Comment-To: Kris Kennaway References: Message-ID: From: "Valentin Nechayev" Date: Wed, 6 Oct 1999 11:18:31 +0300 (EDT) X-Mailer: dMail [Demos Mail for DOS v2.06] Subject: Re: Long username/password MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Lines: 29 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Kris Kennaway wrote: > > If the DES libraries are already installed on a system, is there a > > way to still use MD5 passwords by default? > > No. Unless you make a trivial change to passwd(1). Adding a command-line > switch to do this would probably be a welcome feature. Possibly, not command-line switch - this should be host policy. I'd prefer something similar to /etc/malloc_options. It is quite easy to read link. This link must be used at least by pw(1) and passwd(1). Possible definitions: 'M' - always create new crypts as MD5 '5' - create crypts for new accounts, or cases of empty password or '*' in pw_passwd field (in code - all cases of first two characters of crypt not in [A-Za-z0-9./] ) Is it acceptable? P.S. There were some rumours about totally new libcrypt. What is the state of it? -- NN To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message