Date: Wed, 28 Feb 1996 21:31:25 -0800 From: Paul Traina <pst@shockwave.com> To: Adam David <adam@veda.is> Cc: mark@grondar.ZA (Mark Murray), freebsd-current@freebsd.org Subject: Re: New Dual-personality crypt Message-ID: <199602290531.VAA01367@precipice.shockwave.com> In-Reply-To: Your message of "Thu, 29 Feb 1996 01:53:39 GMT." <199602290153.BAA23248@veda.is>
next in thread | previous in thread | raw e-mail | index | archive | help
I would strongly suggest that users NOT be allowed to select their method
unless the sysadmin explicitly enables it... and I think a sysadmin would
be a fool to enable it (so I wouldn't even write the code to allow this,
however if someone has too much time on their hands, why not bloat out the
system further :-( ).
In any case, we should not ship with this mode enabled.
From: Adam David <adam@veda.is>
Subject: Re: New Dual-personality crypt
>Nate Williams wrote:
>> How can I force my passwords to be the old DES crypt function on a box
>> that previously used MD5 crypt? There are only two accounts on it (mine
>> and root), but I'd like it to use DES like all of the other machines in
>> the group.
>This was a design point that I could not quite decide on. I decided
>to go the route-of-least-change and keep the encryption algorithm that
>was used to make the entry in the first place.
>> Even after I've re-run passwd after installing the new libraries and
>> binaries, it's still generating MD5 passwords instead of DES passwords.
>I have been slowly getting round to putting a option in passwd(1)
>to allow the user to select the encryption algorithm, but I am not
>too sure how to deal with the case of the system without DES. I'm
>sure I can come up with something.
>> How do I force it to generate old-style DES passwords in spite of what
>> the old passwords were, short of removing the password completely and
>> then re-generating passwords? Shouldn't the new routine 'generate'
>> passwords using the default routines, but read passwords from both?
>See above. I'd greatly appreciate some input on this. I'm kinda
>prepared to go either way once I have some sort of idea what the
>group would prefer. In the meanwhile, it is unfortunately only
>possible to force DES by removing the old MD5 password.
The encryption methods and default behaviour are site-admin decisions.
Therefore it would be useful to see the following as possibilities:
Admins to specify which encrytion methods are available for passwords, and se
>>t
the default to one of { same_as_previous, DES, MD5, ...<other_methods>...
>>}
If users are allowed to select which method, admins should be able to restric
>>t
the choices to any subset of the methods recognised and handled by the site
>>,
thus providing a means of transparent migration from one set of encryption
methods to another.
I understood the original dual-personality crypt announcement essentially to
mean the same as I have stated here, except with the enforcement of {DES, MD5
>>}
as the available set, and that ordinary users would typically have no choice
over which method is used to generate the new password.
--
Adam David <adam@veda.is>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199602290531.VAA01367>