Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 5 Oct 1999 14:15:25 -0700 (PDT)
From:      Kris Kennaway <kris@hub.freebsd.org>
To:        "Rashid N. Achilov" <shelton@sentry.granch.ru>
Cc:        Dag-Erling Smorgrav <des@flood.ping.uio.no>, freebsd-security@FreeBSD.ORG
Subject:   Re: Long username/password
Message-ID:  <Pine.BSF.4.10.9910051126420.82242-100000@hub.freebsd.org>
In-Reply-To: <Pine.BSF.4.10.9910051343340.3144-100000@sentry.granch.ru>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, 5 Oct 1999, Rashid N. Achilov wrote:

> > DES *is* the default if the DES libraries are installed, unless the
> > user in question already has an MD5 password (in which case the system
> > will keep using MD5 every time he/she changes his/her password)
> 
> What can I really check, which passwd length is supported, and what can I
> revert to MD5, if need?

As DES pointed out (we really need a committer with initials MD5 just for
symmetry :-) once you have an MD5 password for your account it will remain
MD5 when you next change it. The easiest way to do this is to go to a
machine which has MD5 passwords, generate any password, and then
cut-n-paste it from /etc/master.passwd into your /etc/master.passwd. Then
you can change your password again and it will stay MD5.

Alternatively, you can generate an MD5 password by removing the
/usr/lib/libcrypt.* symlinks and repoint them to /usr/liblibscrypt - this
will temporarily switch off DES encryption, so you might want to do this
in single-user mode. Then just generate a new password using passwd(1) as
normal, and it will be MD5 since DES support is no longer enabled. Then
you can switch back on the DES libraries if you really need them.

This is kind of crufty - probably someone should just add a temporary
switch to passwd(1) which lets you choose whether to use MD5 if you have
DES installed. I have code which fixes things properly, but it's not quite
commit-worthy and I'm exiled in the land of the "free".

Kris




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9910051126420.82242-100000>