From owner-freebsd-stable@FreeBSD.ORG Tue Apr 8 06:46:42 2003 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5DB6E37B401 for ; Tue, 8 Apr 2003 06:46:42 -0700 (PDT) Received: from radix.cryptio.net (radix.cryptio.net [199.181.107.213]) by mx1.FreeBSD.org (Postfix) with ESMTP id DBE6243FB1 for ; Tue, 8 Apr 2003 06:46:41 -0700 (PDT) (envelope-from emechler@radix.cryptio.net) Received: from radix.cryptio.net (localhost [127.0.0.1]) by radix.cryptio.net (8.12.9/8.12.9) with ESMTP id h38DkT21064078 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 8 Apr 2003 06:46:29 -0700 (PDT) (envelope-from emechler@radix.cryptio.net) Received: (from emechler@localhost) by radix.cryptio.net (8.12.9/8.12.9/Submit) id h38DkSnl064076; Tue, 8 Apr 2003 06:46:28 -0700 (PDT) Date: Tue, 8 Apr 2003 06:46:28 -0700 From: Erick Mechler To: Eugene Message-ID: <20030408134628.GP651@techometer.net> References: <20030408091739.GA72859@copoc.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030408091739.GA72859@copoc.ru> User-Agent: Mutt/1.4.1i cc: "freebsd-stable@freebsd.org" Subject: Re: adduser and crypt X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Apr 2003 13:46:42 -0000 :: adduser(8) perl script uses crypt(3) to generate encrypted passwords, :: as pointed in /usr/sbin/adduser itself. Currently in /etc/login.conf :: password format is MD5 as default but adduser always generates encrypted :: passwords in DES format. Eugene, I totally agree with you, but for some reason it was decided that /etc/login.conf wasn't a good place to store the default password scheme for adduser. Instead, there's a facility in /etc/auth.conf to set the crypt_default which overrides what format crypt(3) produces (it's a system default for the crypt_set_format() call). This works fine for adduser in producing MD5 passwords, however, it breaks a few other things (mailman was one that I found) that expect crypt to produce DES output (which, IMHO, it should continue to do as it has for decades). To address this, you can patch adduser to only produce MD5 passwords based on the patch in a few PRs, or you can use /usr/ports/sysutils/enteruser. http://www.freebsd.org/cgi/query-pr.cgi?pr=24439 http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/24953 Alternatively you can upgrade to 5.x since the new version of adduser wraps itself around pw(8). Cheers - Erick