From owner-freebsd-security Wed Nov 10 10:20:28 1999
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id 6902A14D23; Wed, 10 Nov 1999 10:20:21 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id 55EEC1CD404; Wed, 10 Nov 1999 10:20:21 -0800 (PST)
	(envelope-from kris@hub.freebsd.org)
Date: Wed, 10 Nov 1999 10:20:21 -0800 (PST)
From: Kris Kennaway
To: Nicholas Brawn
Cc: freebsd-security@freebsd.org
Subject: Re: Status of Passwords/etc in FreeBSD-stable
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 10 Nov 1999, Nicholas Brawn wrote:

> Couple of questions:
> 1. Does stable support bcrypt or equivalent? If not, are there any plans to
> implement this?

No and yes. See
http://www.physics.adelaide.edu.au/~kkennawa/crypt-990725.tar.gz
which is a replacement libcrypt which supports external plug-in crypt
"modules" (openbsd-style bcrypt is included). I really need to check
whether that tarball actually compiles - someone told me a while ago I
left out a header file.

This is a WIP, and in particular will not allow external modules to be
used for statically-linked binaries (just the two historical formats: MD5
and DES). This is a limitation of dlopen() which I hope will one day get
resolved (hacking around it would be ugly).

One day when I get time to revisit this and clean it up a bit I plan to
try and import it into -current.

> 2. Are there any moves to centralise password-related configuration to a
> passwd.conf? Min/Max lengths, etc.

The above code uses login.conf to specify login capabilities about which
password algorithm to use for a user's new password, and any algorithm
parameters (e.g. number of rounds for bcrypt). A separate passwd.conf
would be a bad idea, IMO. I don't see what you'd need a maximum password
length variable for, but there is already a minpasswordlen capability.

Kris

----
Cthulhu for President!
For when you're tired of choosing the _lesser_ of two evils..

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message