Date: Sun, 1 Oct 2000 14:33:25 -0700
From: Kris Kennaway <kris@FreeBSD.org>
To: achilov@granch.ru
Cc: "Vladimir B. Grebenschikov" <vova@express.ru>, freebsd-security@FreeBSD.ORG
Subject: Re: MD5 passwords vs DES
Message-ID: <20001001143325.A44714@freefall.freebsd.org>
In-Reply-To: <39D79CF0.D794F732@sentry.granch.ru>; from shelton@sentry.granch.ru on Mon, Oct 02, 2000 at 03:22:08AM +0700
References: <14789.42660.401430.305445@vbook.express.ru> <39D79CF0.D794F732@sentry.granch.ru>

On Mon, Oct 02, 2000 at 03:22:08AM +0700, Rashid N. Achilov wrote:
> "Vladimir B. Grebenschikov" wrote:
> >
> > I have a question:
> >
> > Does anybody have ideas to add 'default crypting mode' for utilities
> > like passwd, adduser, etc ?
> >
>
> Manually change for all users passwords to MD5, then simply edit symlink
> libcrypt.so.2 (I assume 4.1-RELEASE) to point to a libscrypt.so.2 and
> libcrypt.a to point to a libscrypt.a. Now you can't use DES passwords
> until revert back links, but all created users now will have MD5-crypted
> passwords

This is no longer true as of 4.1.1-RELEASE, although it wasn't
documented there.

Basically, you control which form users in a particular login class
get with the passwd_format login capability, which takes values of
"des" or "md5". This is documented in login_cap(5) in recent
4.1.1-STABLE, and I think Brian was going to add an erratum about it.

Of course, you still need to install des-capable libraries to enable
des passwords (as before), but it won't magically change the default
password format.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
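
Added example (not part of the original message and not FreeBSD's code): a hash already stored in master.passwd keeps its format until that password is set again, so after choosing a passwd_format per login class it is useful to list the accounts whose stored hash still uses the other scheme. The sample master.passwd lines, the class-to-format map and the function names are constructed for illustration.

```python
import re

# Constructed sample in master.passwd(5) layout (not real accounts):
# name:password:uid:gid:class:change:expire:gecos:home_dir:shell
SAMPLE_MASTER_PASSWD = """\
root:$1$abcdefgh$0123456789abcdefghijkl:0:0::0:0:Charlie &:/root:/bin/csh
alice:abJnggxhB/yWI:1001:1001:staff:0:0:Alice:/home/alice:/bin/sh
bob:$1$saltsalt$ABCDEFGHIJKLMNOPQRSTUV:1002:1002:staff:0:0:Bob:/home/bob:/bin/sh
carol:_J9..saltabcdefghijk:1003:1003::0:0:Carol:/home/carol:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
"""

# Assumed passwd_format per login class, as an admin would set it in login.conf.
SAMPLE_CLASS_FORMATS = {"default": "md5", "staff": "md5"}

B64 = r"[./0-9A-Za-z]"
MD5_RE = re.compile(r"^\$1\$[^$:]{0,8}\$" + B64 + r"{22}$")
DES_RE = re.compile(r"^(?:" + B64 + r"{13}|_" + B64 + r"{19})$")  # traditional or extended DES


def classify(pw_field):
    """Name the hash scheme of one master.passwd password field."""
    if MD5_RE.match(pw_field):
        return "md5"
    if DES_RE.match(pw_field):
        return "des"
    if pw_field.startswith("*"):
        return "locked"  # "*" or "*LOCKED*...": no usable password
    return "other"


def audit(master_passwd_text, class_formats):
    """Return (user, class, stored, wanted) for hashes that differ from the class setting."""
    findings = []
    for line in master_passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 10:
            continue
        # An empty class field means the "default" login class.
        user, pw, login_class = fields[0], fields[1], fields[4] or "default"
        stored, wanted = classify(pw), class_formats.get(login_class)
        if stored in ("des", "md5") and wanted and stored != wanted:
            findings.append((user, login_class, stored, wanted))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_MASTER_PASSWD, SAMPLE_CLASS_FORMATS):
        print("%s (class %s): stored %s, class wants %s" % finding)
```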
