From owner-freebsd-chat  Thu Oct  9 20:33:22 1997
Return-Path: <owner-freebsd-chat>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id UAA19412
          for chat-outgoing; Thu, 9 Oct 1997 20:33:22 -0700 (PDT)
          (envelope-from owner-freebsd-chat)
Received: from obie.softweyr.ml.org ([199.104.124.49])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id UAA19406
          for <chat@freebsd.org>; Thu, 9 Oct 1997 20:33:18 -0700 (PDT)
          (envelope-from wes@xmission.com)
Received: (from wes@localhost) by obie.softweyr.ml.org (8.7.5/8.6.12) id VAA02922; Thu, 9 Oct 1997 21:36:06 -0600 (MDT)
Date: Thu, 9 Oct 1997 21:36:06 -0600 (MDT)
Message-Id: <199710100336.VAA02922@obie.softweyr.ml.org>
From: Wes Peters <softweyr@xmission.com>
To: Dylan Northrup <northrup@ucet.ufl.edu>
CC: chat@freebsd.org
Subject: password question
In-Reply-To: <Pine.A41.3.96.971009112814.95664B-100000@ronell.ucet.ufl.edu>
References: <Pine.A41.3.96.971009112814.95664B-100000@ronell.ucet.ufl.edu>
Sender: owner-freebsd-chat@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Dylan Northrup writes:
 > We're intending on putting a FreeBSD box into production along some AIX
 > boxes.  Is there some sort of way that we can get compatability between
 > the password generated by FreeBSD and the passwords on the AIX boxen?
 > 
 > Currently we rdist the password files to the various machines.  Previously
 > we used yp/NIS, however the password maps were compromised and the idea of
 > using NIS around here again has not been well received.
 > 
 > Are they any ideas that would help with this problem (and, no, we can't
 > just depricate the AIX boxes, no matter how much I'd love to)?

If you add the "des" package to your FreeBSD system, it will use the
standard UNIX password encryption algorithm.  The passwords will not
appear in /etc/passwd, however, so you won't be able to simply rdist
them.

It's been a while since I worked with AIX, so bear with me on this.  If
I remember correctly, the true source for the password entries on AIX is
in a file somewhere in the /etc/secure directory.  The file uses the AIX
"stanza" format, so you'll have to write a filter program to convert
between the FreeBSD format and the AIX format.  It should be pretty
simple to write a script that converts from one format to the other in
temporary file, then rdists the first format to all like machines and
the temporary file to all "foreign" machines.  

I.e., if your "password master" is an AIX system, convert the AIX
/etc/secure/whatever into FreeBSD format at /tmp/passwd, then send
/etc/secure/whatever to the AIX boxes and /tmp/passwd to the FreeBSD
boxes at /etc/master.passwd.

Good luck!

-- 
          "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                       Softweyr LLC
http://www.xmission.com/~softweyr                       softweyr@xmission.com