Date: Wed, 25 Sep 2002 15:26:45 -0700 From: Erick Mechler <emechler@techometer.net> To: Nomad <mailman@crypton.pl> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Password encoding Message-ID: <20020925222645.GJ45330@techometer.net> In-Reply-To: <20020925221718.GA63296@killer.crypton.pl> References: <20020925221718.GA63296@killer.crypton.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
:: So I made small investigation. And what I found: new auth_default value :: in my system is DES !!! And my password on new accounts are only 8 :: characters long !!! You're going to want to do 2 things. First, make sure that you have your passwd_format=md5 in your /etc/login.conf (be sure to run cap_mkdb /etc/login.conf after you do so). Currently there's a bug with /usr/sbin/adduser which results in changed passwords defaulting to DES, despite whatever the system default password scheme is. /usr/sbin/pw and /usr/bin/passwd do not suffer from this problem. Bottom line: don't use adduser to set your passwords upon account creation, use the passwd utility or pw. This will insure that all your system passwords are created and stay MD5. Cheers - Erick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020925222645.GJ45330>