From owner-freebsd-security  Fri May 17 10:26:36 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mail.deltanet.com (mail.deltanet.com [216.237.144.132])
	by hub.freebsd.org (Postfix) with ESMTP id 89F0337B403
	for <freebsd-security@FreeBSD.ORG>; Fri, 17 May 2002 10:26:32 -0700 (PDT)
Received: from mammoth.eat.frenchfries.net (da001d1356.lax-ca.osd.concentric.net [208.36.180.81])
	by mail.deltanet.com (8.11.6/8.11.6) with ESMTP id g4HH5pO06624
	for <freebsd-security@FreeBSD.ORG>; Fri, 17 May 2002 10:05:52 -0700
Received: by mammoth.eat.frenchfries.net (Postfix, from userid 1000)
	id 7FB2D50CF; Fri, 17 May 2002 10:26:23 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by mammoth.eat.frenchfries.net (Postfix) with ESMTP id 7D2484B35
	for <freebsd-security@FreeBSD.ORG>; Fri, 17 May 2002 10:26:23 -0700 (PDT)
Date: Fri, 17 May 2002 10:24:17 -0700 (PDT)
From: Paul Herman <pherman@frenchfries.net>
X-X-Sender: pherman@mammoth.eat.frenchfries.net
To: =?iso-8859-1?Q?Erik_Paulsen_Sk=E5lerud?= <erik@pentadon.com>
Subject: RE: How secure is a password and how many characters does it allow?
In-Reply-To: <200205171632.g4HGWTJ17941@tick.sc.omation.com>
Message-ID: <20020517093415.L934-100000@mammoth.eat.frenchfries.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Fri, 17 May 2002, it was written:

> You say that adduser uses DES, while the system defaults to MD5.
> How do you add users then? Using pw useradd etc?

Yeah, that works.  passwd(1) works too.  You can also put:

  crypt_default   =       md5

into /etc/auth.conf, but this is not the same as changing
passwd_format in /etc/login.conf.  This will force *all* programs
that expect a DES hash from crypt() to get an MD5 hash.  This is
generally not a problem nowadays (?), but you may have some old
legacy software on your system that still need this.  Be aware of
this if you change /etc/auth.conf.

If you're not generating your own salts, and just want to keep it
simple, the login_setcryptfmt() / crypt_set_format() aware
programs like pw(8) and passwd(1) are for you.

-Paul.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message