Date: Mon, 18 Sep 2000 19:44:34 +0100 From: David Pick <D.M.Pick@qmw.ac.uk> To: freebsd-security@FreeBSD.ORG Subject: Re: MD5 passwords vs DES Message-ID: <E13b5u7-000BfZ-00@dialup-janus.css.qmw.ac.uk> In-Reply-To: Your message of "Mon, 18 Sep 2000 10:24:58 %2B0300." <Pine.BSF.4.21.0009181017590.26927-100000@finland.ispro.net.tr>
next in thread | previous in thread | raw e-mail | index | archive | help
> If you dont mind the side effects you can try to compile passwd and perl > with /usr/lib/libscrypt.a instead of -lcrypt (which defaults to > /usr/lib/libcrypt.a which is linked to either DES or MD5 library) when you > use libscrypt in your passwd and perl programs the passwords these > programs generate will be MD5 by default. The side effect of this is that > your users cant change their own passwords if their old password is DES > since libscrypt doesnt understand DES and if you have perl scripts which > does similar action they may fail. But adduser is a perl script itself so > it would generate MD5 passwords automaticly when you add a new user. > For passwd program its simple in its makefile just change -lcrypt lines > with /usr/lib/libscrypt.a this should do the job I am not sure about perl. > > Is this a good "temporary" solution for you? I don't recompile anything, I just redirect the symbolic links libcrypt* -> libdescript* to become libcrypt* -> libscrypt* in /usr/lib/ I actually do this during system installation before creating any users so the only DES password is the "root" password. "root" can, of course, reset this (getting a MD5 pasword) without having anything checked against the DES password (because it's "root" doing it). -- David Pick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E13b5u7-000BfZ-00>