From owner-freebsd-security  Sun Jan  6 19:34:11 2002
Delivered-To: freebsd-security@freebsd.org
Received: from bilver.wjv.com (spdsl-033.wanlogistics.net [63.209.115.33])
	by hub.freebsd.org (Postfix) with ESMTP id 2578937B41C
	for <security@FreeBSD.ORG>; Sun,  6 Jan 2002 19:34:07 -0800 (PST)
Received: (from bv@localhost)
	by bilver.wjv.com (8.11.6/8.11.6) id g073Y6Y02264
	for security@FreeBSD.ORG; Sun, 6 Jan 2002 22:34:06 -0500 (EST)
	(envelope-from bv)
Date: Sun, 6 Jan 2002 22:34:06 -0500
From: Bill Vermillion <bv@wjv.com>
To: security@FreeBSD.ORG
Subject: Re: Help with DES > MD5
Message-ID: <20020107033405.GA2105@wjv.com>
Reply-To: bv@wjv.com
References: <bulk.11762.20020106144651@hub.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <bulk.11762.20020106144651@hub.freebsd.org>
User-Agent: Mutt/1.3.25i
Organization: W.J.Vermillion / Orlando - Winter Park
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Sun, Jan 06, 2002 at 02:46:51PM -0800, security-digest thus spoke:

Tal Ben-Eliezer said this:

>   if my question was answered already, sorry, i couldnt keep
> up with the 50 new email's from this list every day :). In my
> login.conf i have defined that the default password hash's should
> be of MD5 structure, though when i check my /etc/master.passwd, it
> seems as though ALL users still use DES. I have applied changes to
> my login.conf using that command (which doesn't come to mind right
> now), and i have also attempted rebooting, i'm very stumped as to
> what i should do to convert my DES hashes to MD5, or just plain
> start using MD5 hashes for future users. I searched for help on
> EFNet, unfortunately no one had an answer; Thanks for your time
> everyone!

If you will look at the top lines in login.conf it notes
that you should run cap_mkdb /etc/login.conf  to rebuild the
login database.

But in the next message Tim J. Robbins said this:

> Adding the :passwd_format=md5: capability to /etc/login.conf in the
> right class works as it should (I just checked then). Next time a user
> changes their password, it is converted to the new encryption format.
> 
> Since you're using DES (not the default), it should be as simple as
> replacing :passwd_format=des: with :passwd_format=md5:.
> 
> Check that you've changed the passwd_format capability for the class
> the users are in.

I changed the login.conf and found no difference and then looked at
login.conf and saw the line about the  cap_mkdb .

I had gotten so used to just scaning down the lines in so many text
configuration files that I just whizzed right over the instructions
:-)  In this case familiarity breeds failure.

Bill


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message