Date: Fri, 27 Sep 2002 03:31:08 +1000 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: Jan Wagner <jan.wagner@de.tiscali.com> Cc: Olafur Osvaldsson <oli@isnic.is>, Dmitry Agafonov <aga@rsm.ru>, freebsd-security@FreeBSD.ORG Subject: Re: Password encoding Message-ID: <Pine.BSF.3.96.1020927025545.10181B-100000@gaia.nimnet.asn.au> In-Reply-To: <20020926124450.A18244@de.tiscali.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 26 Sep 2002, Jan Wagner wrote:
> Part of man :
>
> The algorithm used will depend upon whether crypt_set_format() has been
> called and whether a global default format has been specified. Unless a
> global default has been specified or crypt_set_format() has set the for-
> mat to something else, the built-in default format is used. This is cur-
> rently DES if it is available, or MD5 if not.
>
> How the salt is used will depend upon the algorithm for the hash. For
> best results, specify at least two characters of salt.
>
> The crypt_get_format() function returns a constant string that represents
> the name of the algorithm currently used. Valid values are `des', `blf'
> and `md5'.
>
> The crypt_set_format() function sets the default encoding format accord-
> ing to the supplied string.
>
> The global default format can be set using the /etc/auth.conf file using
> the `crypt_format' property.
Interestingly (perhaps) on a 4.5 RELEASE box, man 3 crypt includes the
section above as is, except for the very last line which instead says:
the crypt_default property.
Which was also as commented out in the 4.5-R /etc/auth.conf. So I added
# crypt_default = md5 des
crypt_default = md5
and now get md5 passwds as desired when using adduser, which had earlier
created DES passwds - and someone else suggested was broken re this?
I gather that this property was since renamed, as above, for 4.6?
Cheers, Ian
> greets jw
>
> ps. man : (man auth.conf) && man 3 crypt && man 3 auth_getval(!!)
>
> On Thu, Sep 26, 2002 at 09:55:50AM +0000, Olafur Osvaldsson wrote:
[..]
> > Dmitry,
> > You should be able to set it in /etc/auth.conf, but that doesn't work for me.
> >
> > You can instead run crypt_set_format("md5") to set the default for your prog
> > to md5 or blf for blowfish.
> >
> > You could also make sure that your salts start with $<digit>$ wich would then
> > set the algorithm used in encryption, more info on this in the crypt(3) manpage.
> >
> > /Oli
> >
> > On Thu, 26 Sep 2002, Dmitry Agafonov wrote:
> >
> > > Ok, how about more common question. How do I ask system crypt() to use MD5
> > > by default? /etc/make.conf or such?
> > >
> > > --
> > > Dmitry
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
> >
> > --
> > Olafur Osvaldsson
> > Systems Administrator
> > Internet a Islandi hf.
> > Tel: +354 525-5291
> > Email: oli@isnic.is
[..]
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.1020927025545.10181B-100000>