Date: Sat, 25 Jul 1998 11:58:15 -0400 (EDT) From: Stuart Krivis <stuart@apk.net> To: Thomas Mullaney <tpm@callisto.jovian.net> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Quick Questions Message-ID: <Pine.GSO.3.95.980725114409.12024B-100000@junior.apk.net> In-Reply-To: <Pine.BSI.3.95.980725115448.5727B-100000@callisto.jovian.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 25 Jul 1998, Thomas Mullaney wrote: > 1) When doing an initial install it asks me what security services I > want, DES, KERBEROS, and the sources for both. I dont want to run > kerberos, but was does running the DES allow me? DES is simply another method of encryption. It is widely used, but there are some issues surrounding its possible export from the US. (It is against the law to export it if I am recalling correctly.) Most unix systems use "triple-DES" to encode passwords. You take the plaintext password and run it through DES encryption 3 times. The result is stored in the password file (or shadow). The plaintext passwords are never stored on the system. When you login, the password you enter is run through the DES encryption 3 times and the result compared to the stored string in the password file. If they match, you are authenticated and logged in. FreeBSD also includes an alternative to DES called MD5. It works as well or better, judging by what I've read. If you don't install DES, you get MD5. The only problem with this is that your BSDI machines probably use DES. So you may need to use DES with FreeBSD so that you can migrate your users over easily. Using DES will let you simply take the encrypted passwords off BSDI and plug them into the appropriate field in the passwd file on the FreeBSD machines. I hope this helps. -- Stuart Krivis stuart@krivis.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.3.95.980725114409.12024B-100000>