From owner-freebsd-current  Wed Feb 28 23:37:39 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id XAA13576
          for current-outgoing; Wed, 28 Feb 1996 23:37:39 -0800 (PST)
Received: from nervosa.com (root@nervosa.com [192.187.228.86])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id XAA13556
          for <freebsd-current@freebsd.org>; Wed, 28 Feb 1996 23:37:34 -0800 (PST)
Received: from nervosa.com (coredump@onyx.nervosa.com [10.0.0.1]) by nervosa.com (8.7.4/nervosa.com.2) with SMTP id XAA23291; Wed, 28 Feb 1996 23:37:00 -0800 (PST)
Date: Wed, 28 Feb 1996 23:36:54 -0800 (PST)
From: invalid opcode <coredump@nervosa.com>
To: Paul Traina <pst@shockwave.com>
cc: Adam David <adam@veda.is>, Mark Murray <mark@grondar.ZA>,
        freebsd-current@freebsd.org
Subject: Re: New Dual-personality crypt 
In-Reply-To: <199602290531.VAA01367@precipice.shockwave.com>
Message-ID: <Pine.BSF.3.91.960228232503.23102B-100000@nervosa.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-current@freebsd.org
Precedence: bulk

On Wed, 28 Feb 1996, Paul Traina wrote:

> In any case, we should not ship with this mode enabled.

Ahh, ignore some of my previous post, I say we should check which method 
root's password has been encrypted with and use that as passwd(8)'s base. 
Seeing as root is the only one who can change root's password, this will 
effectively limit the policy setting to root only. I opt for an 
extra flag to passwd(8) of which will only take effect if the user is 
root, i.e. users can specify the flag, but it will have no effect.

/etc/passwd:
root:YZrx4tbVBxKLI:0:0:root:/root:/bin/sh

Obviously this is DES, so passwd(8) will use DES as the default for all 
password's being changed or added.

/etc/passwd:
root:$1$5Srrllqi$ee22rrbdqXAwnyyeahright:0:0::0:0:root:/root:/bin/sh

Obviously this is md5, so passwd(8) will use md5 as the default from now 
on.

This also has the added option of being able to change your policy 
globally by just changing the root password with the extra passwd(8) flag.

== Chris Layne ==============================================================
== coredump@nervosa.com ================= http://www.nervosa.com/~coredump ==