From owner-freebsd-questions  Sun Jul  2 19:27:28 1995
Return-Path: questions-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id TAA16442
          for questions-outgoing; Sun, 2 Jul 1995 19:27:28 -0700
Received: from haven.ios.com (haven.ios.com [198.4.75.45])
          by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id TAA16433
          for <freebsd-questions@freebsd.org>; Sun, 2 Jul 1995 19:27:23 -0700
Received: (from rashid@localhost) by haven.ios.com (8.6.11/8.6.9) id WAA01943; Sun, 2 Jul 1995 22:29:59 -0400
From: "Rashid Karimov." <rashid@haven.ios.com>
Message-Id: <199507030229.WAA01943@haven.ios.com>
Subject: Re: crossing passwords bsdi<->FreeBSD
To: brian@MediaCity.com (Brian Litzinger)
Date: Sun, 2 Jul 1995 22:29:59 -0400 (EDT)
Cc: freebsd-questions@freebsd.org
In-Reply-To: <m0sSV5E-000rehC@easynet.com> from "Brian Litzinger" at Jul 2, 95 12:53:36 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1834      
Sender: questions-owner@freebsd.org
Precedence: bulk

		Hi there,

> 
> 
> Now I'm at the point where Im ready to convert some machines which allow
> user logins.  The password database is distributed among many machines,
> so what I need is a way to distribute passwords to BSDI BSD/386 1.1
> machines and FreeBSD 2.0.5 at the same time.
> 
> I've already noted the the FreeBSD passwords and not interchangable with
> the BSD/386 1.1 passwords.  

	Yes , the default crypt() in FreeBSD 2* is MD5 based, because of
	certain restriction for DES source code's redistrib. outside US.
	So the encrypted passwords look different from those encrypted
	using DES
> 
>     If I upgrade FreeBSD with the DES stuff, will they then use the
> 	same scheme?

	Yes , DES is pretty standard.

	I would recommend to everybody in US who's about to install FreeBSD
	to use _DES from the very beginning , especially if you have
	other Unices as well . It's quite possible that you'll have to move
	accounts or to run some auth. servers on FreeBSD.
	If you stick to DES you'll be able to exchange password files
	freely between different Unices/machines. Assuming that those
	use DES too, of course

	I have a Q: has any1 here modified passwd source code -
	I remember one I used to have on SCO . In that scheme admin
	was able impose some restrictions on new password , from 
	that very good one was:

	users were not able to choose passwords themselves - the
	pronouncable passwords were generated for them by the
	program itself.
	So when the user saw the funniest/easiest_to _remember one,
	he/she just retyped it back to the program.

	Little paranoid , but worth to use - I'm pretty sure that
	on ISP's servers ~30 % users have the same password as their
	login name.

	And we have unused ( yet?) field in the master.passwd , which
	we probably can use ?  Or keep the track in separate DB ...

	Rashid