Date: Tue, 21 Nov 2000 15:31:12 -0800 From: "David O'Brien" <obrien@FreeBSD.ORG> To: "Sean O'Connell" <sean@stat.Duke.EDU>, FreeBSD stable <freebsd-stable@FreeBSD.ORG>, green@FreeBSD.ORG Subject: Re: Hmm..passwords. Message-ID: <20001121153112.B1910@dragon.nuxi.com> In-Reply-To: <20001121085551.A3534@citusc17.usc.edu>; from kris@FreeBSD.ORG on Tue, Nov 21, 2000 at 08:55:51AM -0800 References: <20001121135541.A14220@nevermind.kiev.ua> <Pine.BSF.4.21.0011210704230.88234-100000@epsilon.lucida.ca> <20001121082750.A2922@citusc17.usc.edu> <20001121114933.D27266@stat.Duke.EDU> <20001121085551.A3534@citusc17.usc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Nov 21, 2000 at 08:55:51AM -0800, Kris Kennaway wrote:
> > Point of clarification: based on the ERRATA, should I add the
> > passwd_format=des to all my machines to preserve interoperablity?
>
> If you want the same NIS password map to be used on "legacy" UNIXes
> which don't talk MD5 they have to be DES passwords. Standalone
> machines should be MD5 for greater security.
When Kris and I discussed this functionality (before Brian went and did
it); we talked about much higher granularity than Brian implemented:
MD5 everywhere
DES everywhere
MD5 locally / DES yp
Convert to MD5
Convert to DES
Maybe in the future we'll get this level granularity. Or maybe this
should have been folded into PAM (which really feels orphaned in FreeBSD
and very few know the vision for PAM w/in FreeBSD).
--
-- David (obrien@FreeBSD.org)
GNU is Not Unix / Linux Is Not UniX
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001121153112.B1910>