Date:      Tue, 21 Nov 2000 18:23:51 +0000 (GMT)
From:      Bap <bap@a1.org.uk>
To:        freebsd-stable@freebsd.org
Subject:   Re: Hmm..passwords.
Message-ID:  <200011211823.SAA40356@ns.a1.org.uk>
In-Reply-To: <20001121085551.A3534@citusc17.usc.edu> from Kris Kennaway at "Nov 21, 2000 08:55:51 am"

> On Tue, Nov 21, 2000 at 11:49:33AM -0500, Sean O'Connell wrote:
> 
> > This issue probably could stand a little more reinforcing (see below)
> > 
> > grep passwd_format /usr/src/UPDATING 
> > Exit 1
> 
> UPDATING is for hoops to jump through in getting your system up to
> date - I don't know that it's the right place for it.

Surely UPDATING is where any issues that may occur when updating your system get mentioned.
If login.conf was changed to reflect the change in default, then most people would pick this up in a mergemaster, or diff.
So it should be in either UPDATING or login.conf(?).

Bap.


> 
> > Maybe we could add a
> > 
> > 	:password_format=md5:\
> > 
> > to the default entry or create a commented out des login
> > class like
> > 
> > #des_users:\
> > #	:password_format=des:\
> > #	:tc=default:
> > 
> > to clarify this a bit.  I was surprised for a few minutes
> > but ended up just adding the following to default
> 
> I've already suggested this to Brian Feldman..
> 
> > 	:password_format=des:\
> > 
> > Also, as a side question, does passwd automagically stick to using 
> > DES for NIS-enabled machines so it doesn't corrupt NIS maps on other
> > machines/os's?  I suppose in a FreeBSD-only environment, this would
> > not be a problem, but I have a bunch of Digital Unix machines that
> > I have to support, as well.
> 
> No.
> 
> > Point of clarification: based on the ERRATA, should I add the 
> > passwd_format=des to all my machines to preserve interoperability?
> 
> If you want the same NIS password map to be used on "legacy" UNIXes
> which don't talk MD5 they have to be DES passwords. Standalone
> machines should be MD5 for greater security.
> 
> Kris
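
Added example, not part of the original thread: a shell check for the NIS interoperability point above, listing accounts in a passwd-style map whose hash is not traditional DES and so could not be verified by a DES-only client. The function names and the sample map are constructed for illustration; it assumes field 2 holds the hash, that MD5 crypt hashes start with `$1$`, and that DES crypt hashes are 13 characters from `[./0-9A-Za-z]`.

```shell
#!/bin/sh
# Added example: classify the hash format of entries in a passwd-style map.
# Function names are hypothetical; the sample data below is constructed.

classify_hash() {
    # Print des, md5, none or other for one hash field.
    case "$1" in
        ''|'*'*|'!'*) echo none;  return ;;  # empty, locked or disabled entry
        '$1$'*)       echo md5;   return ;;  # MD5 crypt: $1$salt$hash
        '$'*)         echo other; return ;;  # some other modular crypt format
    esac
    # Traditional DES crypt: exactly 13 characters from [./0-9A-Za-z]
    if printf '%s' "$1" | grep -Eq '^[./0-9A-Za-z]{13}$'; then
        echo des
    else
        echo other
    fi
}

non_des_users() {
    # Read passwd-style lines on stdin and print "user format" for every
    # account whose hash a DES-only NIS client could not verify.
    while IFS=: read -r user hash rest; do
        case "$user" in ''|'#'*) continue ;; esac  # skip blanks and comments
        fmt=$(classify_hash "$hash")
        case "$fmt" in
            md5|other) printf '%s %s\n' "$user" "$fmt" ;;
        esac
    done
}

sample_map() {
    # Constructed sample map; the hashes are made-up strings of the right shape.
    cat <<'EOF'
alice:abJnggxhB/yWI:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$1$saltsalt$0123456789abcdefghijk.:1002:1002::0:0:Bob:/home/bob:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
EOF
}

sample_map | non_des_users
```

To check a real map, pipe its lines into `non_des_users` in place of `sample_map`.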
