From owner-freebsd-questions  Sat Jul 25 08:58:59 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA03809
          for freebsd-questions-outgoing; Sat, 25 Jul 1998 08:58:59 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from junior.apk.net (stuart@junior.apk.net [207.54.158.20])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA03800
          for <freebsd-questions@FreeBSD.ORG>; Sat, 25 Jul 1998 08:58:56 -0700 (PDT)
          (envelope-from stuart@junior.apk.net)
Received: from localhost by junior.apk.net (8.9.1/8.9.1) with SMTP id LAA15744;
	Sat, 25 Jul 1998 11:58:16 -0400 (EDT)
Date: Sat, 25 Jul 1998 11:58:15 -0400 (EDT)
From: Stuart Krivis <stuart@apk.net>
To: Thomas Mullaney <tpm@callisto.jovian.net>
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Quick Questions
In-Reply-To: <Pine.BSI.3.95.980725115448.5727B-100000@callisto.jovian.net>
Message-ID: <Pine.GSO.3.95.980725114409.12024B-100000@junior.apk.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 25 Jul 1998, Thomas Mullaney wrote:

> 1)  When doing an initial install it asks me what security services I
> want, DES, KERBEROS, and the sources for both.  I dont want to run
> kerberos, but was does running the DES allow me?

DES is simply another method of encryption. It is widely used, but there
are some issues surrounding its possible export from the US. (It is
against the law to export it if I am recalling correctly.)

Most unix systems use "triple-DES" to encode passwords. You take the
plaintext password and run it through DES encryption 3 times. The result
is stored in the password file (or shadow).

The plaintext passwords are never stored on the system.

When you login, the password you enter is run through the DES encryption 3
times and the result compared to the stored string in the password file.
If they match, you are authenticated and logged in.

FreeBSD also includes an alternative to DES called MD5. It works as well
or better, judging by what I've read. If you don't install DES, you get
MD5.

The only problem with this is that your BSDI machines probably use DES. So
you may need to use DES with FreeBSD so that you can migrate your users
over easily. Using DES will let you simply take the encrypted passwords
off BSDI and plug them into the appropriate field in the passwd file on
the FreeBSD machines.

I hope this helps. 

-- 

Stuart Krivis    stuart@krivis.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message