From owner-freebsd-stable  Tue Nov 21 15:31:18 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from relay.nuxi.com (nuxi.cs.ucdavis.edu [169.237.7.38])
	by hub.freebsd.org (Postfix) with ESMTP
	id E54FC37B4D7; Tue, 21 Nov 2000 15:31:14 -0800 (PST)
Received: from dragon.nuxi.com (root@trang.nuxi.com [209.152.133.57])
	by relay.nuxi.com (8.9.3/8.9.3) with ESMTP id PAA30478;
	Tue, 21 Nov 2000 15:31:14 -0800 (PST)
	(envelope-from obrien@NUXI.com)
Received: (from obrien@localhost)
	by dragon.nuxi.com (8.11.1/8.11.1) id eALNVDG02122;
	Tue, 21 Nov 2000 15:31:13 -0800 (PST)
	(envelope-from obrien)
Date: Tue, 21 Nov 2000 15:31:12 -0800
From: "David O'Brien" <obrien@FreeBSD.ORG>
To: "Sean O'Connell" <sean@stat.Duke.EDU>,
	FreeBSD stable <freebsd-stable@FreeBSD.ORG>, green@FreeBSD.ORG
Subject: Re: Hmm..passwords.
Message-ID: <20001121153112.B1910@dragon.nuxi.com>
Reply-To: stable@FreeBSD.ORG
References: <20001121135541.A14220@nevermind.kiev.ua> <Pine.BSF.4.21.0011210704230.88234-100000@epsilon.lucida.ca> <20001121082750.A2922@citusc17.usc.edu> <20001121114933.D27266@stat.Duke.EDU> <20001121085551.A3534@citusc17.usc.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20001121085551.A3534@citusc17.usc.edu>; from kris@FreeBSD.ORG on Tue, Nov 21, 2000 at 08:55:51AM -0800
X-Operating-System: FreeBSD 5.0-CURRENT
Organization: The NUXI BSD group
X-Pgp-Rsa-Fingerprint: B7 4D 3E E9 11 39 5F A3  90 76 5D 69 58 D9 98 7A
X-Pgp-Rsa-Keyid: 1024/34F9F9D5
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, Nov 21, 2000 at 08:55:51AM -0800, Kris Kennaway wrote:
> > Point of clarification: based on the ERRATA, should I add the 
> > passwd_format=des to all my machines to preserve interoperablity?
> 
> If you want the same NIS password map to be used on "legacy" UNIXes
> which don't talk MD5 they have to be DES passwords. Standalone
> machines should be MD5 for greater security.

When Kris and I discussed this functionality (before Brian went and did
it); we talked about much higher granularity than Brian implemented:

MD5 everywhere
DES everywhere
MD5 locally / DES yp
Convert to MD5
Convert to DES

Maybe in the future we'll get this level granularity.  Or maybe this
should have been folded into PAM (which really feels orphaned in FreeBSD
and very few know the vision for PAM w/in FreeBSD).

-- 
-- David  (obrien@FreeBSD.org)
          GNU is Not Unix / Linux Is Not UniX


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message