From owner-freebsd-questions Tue Nov 7 18:35:03 1995 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id SAA13802 for questions-outgoing; Tue, 7 Nov 1995 18:35:03 -0800 Received: from netcom15.netcom.com (dhawk@netcom15.netcom.com [192.100.81.128]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id SAA13790 for ; Tue, 7 Nov 1995 18:34:58 -0800 Received: by netcom15.netcom.com (8.6.12/Netcom) id SAA15287; Tue, 7 Nov 1995 18:34:15 -0800 From: dhawk@netcom.com (David H) Message-Id: <199511080234.SAA15287@netcom15.netcom.com> Subject: More on How to Use DES To: questions@freebsd.org Date: Tue, 7 Nov 1995 18:34:14 -0800 (PST) X-Mailer: ELM [version 2.4 PL23] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 2177 Sender: owner-questions@freebsd.org Precedence: bulk OK, I got DES installed and copied over the password file and all my people can login now, so that's good. BUT when I try to compile sysadmin/security programs they fail saying they can't find _crypt [not the exact error message]. I untar'd des.aa and compared its /usr/lib with the 'real' one now and all get installed properly. What did I miss? Several of you sent me the procedure to install DES, and I thought I could write it up in a more complete description of the processs: 1. get des.aa from an ftp site if you're inside the US/Canada. mkdir /usr/des and copy des.aa to that directory. cd /usr/des and do tar xfvzp des.aa Take a look at the files you have to install. [It was setup to have to do the tar from root (/)]. 2. backup your system 3. Use vipw to change root and toor in the password file to have no password, just in case things go wrong -- root::0:0: [root and toor will have :: after the name of the account]. 4. reboot and when it pauses for kernel options, use -s to boot single user. Mount all your partitions -- mount / mount /usr and any others. 5. cd /usr/lib and you can mkdir OLD and put all the *crypt* files/links in there. Then mv /usr/des/usr/lib/* /usr/lib 6. copy /usr/des/bin/* and /usr/des/sbin/init to /bin and /sbin/init (you might need to mv /sbin/init /sbin/init.old first). 7. reboot Adding the old password file from another system. 1. put the password file in a secure directory. You'll be in a shadow password/db setup from here on out so no need to give someone access to the file to run crack on. 2. Do man 5 passwd and cut the awk script from the end into a file called awk.pass and then do awk -f awk.pass old.passwd > new.passwd 3. Use vipw and read in new.passwd at the end of the file. Remove duplicate accounts. Exit vipw 4. Use ALT-F2 to login on a different pseudo-terminal and check that it worked. If it did, use ALT-F1 to go back to the first window and set the password on root and toor. Check logging in to those accouts on ALT-F2 again. And you're done. One thing to watch for: some systems get weird if you put a blank line in the password file, so don't do that. ;-)