From owner-freebsd-security Thu Nov 30 10:53:15 2000 Delivered-To: freebsd-security@freebsd.org Received: from kira.epconline.net (kira.epconline.net [209.83.132.2]) by hub.freebsd.org (Postfix) with ESMTP id BA36737B402 for ; Thu, 30 Nov 2000 10:53:11 -0800 (PST) Received: from therock (betterguard.epconline.net [209.83.132.193]) by kira.epconline.net (8.9.3/8.9.3) with SMTP id MAA76329 for ; Thu, 30 Nov 2000 12:53:09 -0600 (CST) From: "Chuck Rock" To: Subject: RE: /etc/passwd upgrade Date: Thu, 30 Nov 2000 12:55:38 -0600 Message-ID: <003e01c05aff$21333be0$1805010a@epconline.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: <20001129220238.A17777@citusc17.usc.edu> Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org We've upgraded from 2.2.8 to 3.2 and will be soon 4.2 by just copying the passwd files over. There is a mix of 3DES and MD5 passwords in the passwd file as 2.2.8 was configured with 3DES and the 3.2 is configrued with MD5. All new users get MD5 by default, but the users with 3DES password still work, and won't get MD5 unless they change their password. We've had no problems whatsoever with this, but all the home directories and so forth have to match the passwd file. Is the 128bit ecryption mentioned the MD5 passwords, or is this a security feature we havent used on our system that would make this copying of passwd files not work? Chuck EPC > -----Original Message----- > From: owner-freebsd-security@FreeBSD.ORG > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Kris Kennaway > Sent: Thursday, November 30, 2000 12:03 AM > To: Gary Aitken > Cc: freebsd-security@FreeBSD.ORG > Subject: Re: /etc/passwd upgrade > > > On Wed, Nov 29, 2000 at 08:47:38PM -0700, Gary Aitken wrote: > > I'm installing a clean version of 4.1 and would like to > maintain the passwords > > from a 2.1 version. The 4.1 version has 128 bit encryption, > and I suspect > > this is the reason the encrypted password field is larger. > > > > So... Is there any way to take the entries from an old 2.1 low-strength > > passwd file and munge them into the high-strength one? > > Short answer: no. > > Slightly more helpful answer: expire all of your old user passwords so > they will be recreated the next time the user logs in. > > Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message