Date: Wed, 28 Feb 1996 23:36:54 -0800 (PST) From: invalid opcode <coredump@nervosa.com> To: Paul Traina <pst@shockwave.com> Cc: Adam David <adam@veda.is>, Mark Murray <mark@grondar.ZA>, freebsd-current@freebsd.org Subject: Re: New Dual-personality crypt Message-ID: <Pine.BSF.3.91.960228232503.23102B-100000@nervosa.com> In-Reply-To: <199602290531.VAA01367@precipice.shockwave.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 28 Feb 1996, Paul Traina wrote: > In any case, we should not ship with this mode enabled. Ahh, ignore some of my previous post, I say we should check which method root's password has been encrypted with and use that as passwd(8)'s base. Seeing as root is the only one who can change root's password, this will effectively limit the policy setting to root only. I opt for an extra flag to passwd(8) of which will only take effect if the user is root, i.e. users can specify the flag, but it will have no effect. /etc/passwd: root:YZrx4tbVBxKLI:0:0:root:/root:/bin/sh Obviously this is DES, so passwd(8) will use DES as the default for all password's being changed or added. /etc/passwd: root:$1$5Srrllqi$ee22rrbdqXAwnyyeahright:0:0::0:0:root:/root:/bin/sh Obviously this is md5, so passwd(8) will use md5 as the default from now on. This also has the added option of being able to change your policy globally by just changing the root password with the extra passwd(8) flag. == Chris Layne ============================================================== == coredump@nervosa.com ================= http://www.nervosa.com/~coredump ==
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960228232503.23102B-100000>