From owner-freebsd-isp Mon Nov 29 16:15:42 1999 Delivered-To: freebsd-isp@freebsd.org Received: from mail.westbend.net (ns1.westbend.net [209.224.254.131]) by hub.freebsd.org (Postfix) with ESMTP id 63AE215174 for ; Mon, 29 Nov 1999 16:15:26 -0800 (PST) (envelope-from support@westbend.net) Received: from admin (admin.westbend.net [209.224.254.141]) by mail.westbend.net (8.9.3/8.9.3) with SMTP id SAA77712; Mon, 29 Nov 1999 18:15:20 -0600 (CST) (envelope-from support@westbend.net) Message-ID: <019001bf3ac7$fccc17c0$8dfee0d1@westbend.net> From: "Scot W. Hetzel" To: "J.C. Frazier" Cc: References: <38422055.2906C9B2@csocs.com> <001b01bf3a4f$8b1d8be0$1d48b6ca@gothic.net.au> <38430A5F.FB18F6@csocs.com> Subject: Re: apache13-fp-modssl problem with passwords Date: Mon, 29 Nov 1999 18:15:19 -0600 Organization: West Bend Internet MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6000 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.5600 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org From: "J.C. Frazier" > > libscrypt* only supports MD5; it's the "export" libraries, and can't support > > DES. libdescrypt* supports both DES and MD5, and defaults to whatever salt > > it gets provided (so if users already have an MD5 password, they stay with > > it... but generally new users get a DES one.) You can either patch descrypt > > to swap the default, or wait for a new crypt() series of functions which > > will allow the choice (this is being written currently, but I can't remember > > the URL.) > > Do you suggest just changing the libcrypt.* libs to symbolically link to the > des libs then, or is there an easier way to change everything over in one > swoop? And do you know if the libs are the only thing I need to change, or are > there other things such as auth.conf? I like your idea, and if the des crypt() > can do both so I wouldn't have to change current passwords on all my users, > things will be much easier. > Yes, change the symbolic links for libcrypt.* so that they point to the libdescrypt.* libraries (instead of the libscrypt.* libraries). The libdescrypt library has support for both DES & MD5 passwords (libdescrypt passes MD5 passwords to libscrypt). This is the only change that needs to be made. This will allow your users to login with either DES/MD5 passwords, as well as making the passwords work in the Apache-FP server. Note: any new/changed passwords will be encrypted with DES. Scot To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message