From owner-freebsd-questions@FreeBSD.ORG Tue Oct 7 06:00:02 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EDA5A16A4B3
	for ; Tue, 7 Oct 2003 06:00:02 -0700 (PDT)
Received: from be-well.ilk.org (lowellg.ne.client2.attbi.com [66.30.200.37])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 415A44400E
	for ; Tue, 7 Oct 2003 06:00:02 -0700 (PDT)
	(envelope-from freebsd-questions-local@be-well.ilk.org)
Received: by be-well.ilk.org (Postfix, from userid 1147)
	id 570B93AB7; Tue, 7 Oct 2003 09:00:01 -0400 (EDT)
Sender: lowell@be-well.ilk.org
To: James Moser
References: <3F80BB94.10605@ytjameslee.com>
From: Lowell Gilbert
Date: 07 Oct 2003 09:00:00 -0400
In-Reply-To: <3F80BB94.10605@ytjameslee.com>
Message-ID: <44brstmcdr.fsf@be-well.ilk.org>
Lines: 30
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Encrypted Password Portability Between releases
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: freebsd-questions@FreeBSD.ORG
List-Id: User questions
X-List-Received-Date: Tue, 07 Oct 2003 13:00:03 -0000

James Moser writes:

> Hey everyone... cryptography is not really my strong point and I'm
> trying to do something I thought should have been fairly easy. We
> have a number of machines running various versions of FreeBSD from
> 4.7-RELEASE to 4.8-STABLE. Our password files for our users are
> generated through passwords which are currently being stored in plain
> text. I wish to encrypt these on a central server and store them in
> the database for better security, however I'm running into some
> problems. It appears to work on some systems and some systems it does
> not. I have tried DES and MD5 encryption.
>
> Most of these systems have been upgraded from much earlier releases of
> the 4 branch, and the passwords of users not generated from the
> database seem to have been fine after each upgrade. So my question
> is, what am I doing wrong? Is there a way to encrypt a password on
> one system and have it work on all FreeBSD machines no matter what
> release it's running? If I encrypt on a 4.7 box will it work on a 4.8
> system, just not the other way around?
>
> Thanks for any help or information you can provide.

The password formats should be the same on any version of FreeBSD
whatsoever, assuming they are supported at all. However, FreeBSD
does not keep passwords in plain text on any version, so I'm not
really clear on what you were doing in the first place.

What you want to do should definitely be possible. [It doesn't sound
like a great security idea, for roughly the same reasons that NIS
isn't appropriate for hostile environments, but that's another issue.]
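
An added example, not part of the original message or of FreeBSD: a Python check that classifies the password field of master.passwd-format lines as traditional DES or MD5 crypt(3) output (the two schemes named in the question) before a generated file is pushed to a host. The function names and the sample lines are assumptions made for illustration; the sample strings are constructed to be well-formed and are not real hashes.

```python
import re

# Output alphabet shared by the DES and MD5 crypt(3) schemes.
B64 = r"[./0-9A-Za-z]"
# Traditional DES: 2-character salt followed by 11 characters of hash.
DES_RE = re.compile(rf"{B64}{{13}}")
# MD5: "$1$", a salt of up to 8 characters, "$", then 22 characters of hash.
MD5_RE = re.compile(rf"\$1\$[^$:]{{0,8}}\${B64}{{22}}")

def classify_hash(field):
    """Return 'md5', 'des', 'no-hash' or 'unrecognized' for a password field."""
    if field == "" or field.startswith("*"):
        return "no-hash"          # empty or '*'-prefixed: nothing to verify
    if MD5_RE.fullmatch(field):
        return "md5"
    if DES_RE.fullmatch(field):
        # Shape check only: any 13 characters from the alphabet pass.
        return "des"
    # Plain text, a truncated hash, or a scheme this check does not cover.
    return "unrecognized"

def audit(lines):
    """Map each login name to the classification of its password field."""
    result = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # master.passwd has 10 colon-separated fields; field 2 is the hash.
        if len(fields) != 10:
            result[fields[0]] = "unrecognized"
            continue
        result[fields[0]] = classify_hash(fields[1])
    return result

# Constructed sample input: well-formed strings, not real password hashes.
SAMPLE = """\
alice:$1$saltsalt$ABCDEFGHIJKLMNOPQRSTUV:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:abCdEfGhIjKlM:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:$1$saltsalt$ABCDEFGHIJKLMNOP:1003:1003::0:0:Carol:/home/carol:/bin/sh
dave:hunter2:1004:1004::0:0:Dave:/home/dave:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
""".splitlines()

if __name__ == "__main__":
    for user, kind in audit(SAMPLE).items():
        print(f"{user}: {kind}")
```

Entries reported as unrecognized (here a shortened MD5 string and a plain-text value) are the ones to inspect in the database before distributing the file.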