From owner-freebsd-security  Thu Apr 23 09:02:35 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id JAA24945
          for freebsd-security-outgoing; Thu, 23 Apr 1998 09:02:35 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from phoenix.volant.org (phoenix.volant.org [205.179.79.193])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id JAA24679
          for <freebsd-security@freebsd.org>; Thu, 23 Apr 1998 09:02:02 -0700 (PDT)
          (envelope-from patl@phoenix.volant.org)
From: patl@phoenix.volant.org
Received: from asimov.phoenix.volant.org [205.179.79.65] 
	by phoenix.volant.org with smtp (Exim 1.62 #1)
	id 0ySORm-0007VF-00; Thu, 23 Apr 1998 09:02:02 -0700
Received: from localhost by asimov.phoenix.volant.org (SMI-8.6/SMI-SVR4)
	id JAA16515; Thu, 23 Apr 1998 09:00:11 -0700
Date: Thu, 23 Apr 1998 09:00:11 -0700 (PDT)
Reply-To: patl@phoenix.volant.org
Subject: Re: Static vs. dynamic linking (was Re: Using MD5 insted of DES ...) 
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <4940.893278929@critter.freebsd.dk>
Message-ID: <ML-3.3.893347211.7096.patl@asimov>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

> What about the SHS ($2$) suport for crypt() should we sneak that in
> at the same time ?
> 
> Did we also agree that login.conf can specify which encryption to 
> use along these lines:
> 
>      modify existing password:
>           entry in login.conf ?
>                yes: use what login.conf says
>                no: use same as existing password.

As long as we've touched on this, I'd like to suggest that the
login.conf entry have some way of specifying that modifications
should use the same encryption as the existing password.  If it
is (still) supported; otherwise use the default for creation.
This is mostly a cover-all-the-bases suggestion.

>      create new password:
>           entry in login.conf ?
>                yes: use what login.conf says
>                no: use same as current root password

I'd also like to suggest that the encryption specification in
login.conf be an ordered list rather than a single item.  This
way we could ship a default login.conf that would automatically
take advantage of stronger optional encryption methods when
they are installed.



-Pat

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message