Date: Fri, 22 Jan 1999 16:51:40 +0200
From: Maxim Sobolev <sobomax@altavista.net>
To: Sheldon Hearn <axl@iafrica.com>
Cc: current@FreeBSD.ORG
Subject: Re: WARNING: Today's current breaks passwords
Message-ID: <36A8907C.828FE9AF@altavista.net>
References: <437.917015124@axl.noc.iafrica.com>

Maybe you have switched between hashing modes (DES->MD5 or MD5->DES)?
Because hashing algorithms don't change without a wide notification
being made. Please check the handbook on this subject.

Maxim

Sheldon Hearn wrote:

> This may or may not affect you.
>
> Today's installworld broke passwords for me. By that, I mean that login,
> xdm, su and friends gave authentication failures on all passwords for
> all users that I tried. I suspect this has to do with a hashing
> algorithm that isn't backward compatible.
>
> I used Kerberos to get into the machine as root and change important
> passwords to exactly what they were before. This worked. The new
> encrypted passwords are happy. :)
>
> I don't want to cause hysteria, and I can't guarantee that my report is
> accurate. All the same, do yourself a favour on your next installworld:
>
>       Make SURE you have an open root session somewhere. Do NOT hide
>       it behind xlock, and do NOT use lock(1) to keep it safe.
>
>       This will allow you to passwd(1) to create new encrypted
>       passwords for your users.
>
>       If you have shell accounts that need access to the box and you
>       don't want to have to rehash all their passwords, hold off on
>       installworld until someone calls me a liar, or a fix is
>       committed.
>
> Ciao,
> Sheldon.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message
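
The DES/MD5 distinction raised in this thread is visible in the stored hash string itself, so it can be checked before an installworld. The script below is an added example, not part of the original messages or of FreeBSD: it classifies each password field of master.passwd-style input by format (13 characters for traditional DES, a `$1$` prefix for MD5, `_` plus 19 characters for BSDi extended DES). The function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: report which crypt(3) scheme each password hash uses,
# judged only by the format of the stored string.
LC_ALL=C; export LC_ALL

# classify_hash HASH -> des | md5 | bsdi-des | none | unknown
classify_hash() {
    h=$1
    case $h in
        ''|'*'*|'!'*) echo none; return ;;  # empty or locked field
        '$1$'*)       echo md5;  return ;;  # MD5 crypt: $1$salt$hash
    esac
    # What is left must use only the crypt alphabet ./0-9A-Za-z,
    # with an optional leading "_" (BSDi extended DES).
    case ${h#_} in
        *[!./0-9A-Za-z]*) echo unknown; return ;;
    esac
    case $h in
        _*) if [ ${#h} -eq 20 ]; then echo bsdi-des; else echo unknown; fi ;;
        *)  if [ ${#h} -eq 13 ]; then echo des; else echo unknown; fi ;;
    esac
}

# summarize: master.passwd-style lines on stdin -> "user scheme" lines
summarize() {
    while IFS=: read -r user hash rest; do
        case $user in ''|'#'*) continue ;; esac
        printf '%s %s\n' "$user" "$(classify_hash "$hash")"
    done
}

# mixed_schemes: succeeds when stdin holds more than one hash scheme
mixed_schemes() {
    n=$(summarize | awk '$2 != "none" { seen[$2] = 1 }
                         END { c = 0; for (k in seen) c++; print c }')
    [ "$n" -gt 1 ]
}

# Constructed sample entries; the hashes are placeholders, not real ones.
sample_passwd() {
    cat <<'EOF'
root:$1$saltsalt$CONSTRUCTEDexample0000:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
alice:xxEXAMPLEhash:1001:1001::0:0:Alice:/home/alice:/bin/sh
EOF
}

sample_passwd | summarize
sample_passwd | mixed_schemes && echo "more than one hash scheme in use"
```

On a live system the same functions can be fed from the real file as root, for example `summarize < /etc/master.passwd`.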