From owner-freebsd-stable Thu Dec 7 5:54:29 2000 From owner-freebsd-stable@FreeBSD.ORG Thu Dec 7 05:54:27 2000 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from ns.triplan.com (unknown [62.159.114.67]) by hub.freebsd.org (Postfix) with ESMTP id 2E44837B400 for ; Thu, 7 Dec 2000 05:54:25 -0800 (PST) Received: from hermes.triplan.com (root@hermes.net.triplan.com [192.168.1.6]) by ns.triplan.com (8.9.3/8.9.3) with ESMTP id OAA12279; Thu, 7 Dec 2000 14:54:06 +0100 Received: from triplan.com (chuck.sup.bs.triplan.com [192.168.1.158]) by hermes.triplan.com (8.9.3/8.9.3) with ESMTP id OAA26299; Thu, 7 Dec 2000 14:54:18 +0100 Message-ID: <3A2F9680.A16C609D@triplan.com> Date: Thu, 07 Dec 2000 14:54:08 +0100 From: Karl Dietz X-Mailer: Mozilla 4.7 [en] (WinNT; I) X-Accept-Language: en,de,es MIME-Version: 1.0 To: Dmitry Karasik Cc: freebsd-stable@freebsd.org Subject: Re: crypt() default behavior References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Dmitry Karasik wrote: > I just bumped into problem that passwords encoded on 4.2-stable > do not work on 3.2-stable. AFAIU, the problem is that crypt() > default behaviour is not to use MD5 anymore, and passwords that > are created though adduser are not recognized on older versions. > I didn't follow changes into source tree, so I don't know what > reasons were to change crypt(). From another hand, it's a hack > to patch adduser in a way it calls crypt with MD5 salt, but maybe > you have different opinion? What ( if it ever exists) should be > most elegant way to tackle this problem? to summarize the situation: 3.2 is pre RSA_PATENT_EXPIRED, US_CRYPTO_EXPORT_CHANGE => DES enable by default for USA_RESIDENTS => MD5 is default password encryption for you 4.2 is post RSA_PATENT_EXPIRED, US_CRYPTO_EXPORT_CHANGE => DES enable by default for almost everyone => I don't know the default, but DES and MD5 are possible a possibly solution: IMHO you should add DES support to your 3.2-stable setup. (I have done this, but I don't remember how to do this out of my head) (DES support is the default for USA_RESIDENT=yes and is possible via internat.freebsd.org for USA_RESIDENT=no) another solution: change password encryption default to md5 (but I don't know how) -- mfG Karl Dietz Netzwerk & Systeme E-Shop unter http://www-bs.net.triplan.com/intern/netzwerke.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message