From owner-freebsd-security  Wed Oct  6  1:32:41 1999
Delivered-To: freebsd-security@freebsd.org
Received: from dvutavr.carrier.kiev.ua (dvutavr.carrier.kiev.ua [193.193.193.120])
	by hub.freebsd.org (Postfix) with ESMTP
	id D619D14CE4; Wed,  6 Oct 1999 01:32:30 -0700 (PDT)
	(envelope-from nfb@nn.kiev.ua)
Received: from kozlik.carrier.kiev.ua (kozlik.carrier.kiev.ua [193.193.193.111])
        by dvutavr.carrier.kiev.ua (8.Who.Cares/Kilkenny_is_better) with ESMTP id LLQ44046;
        Wed, 6 Oct 1999 11:30:15 +0300 (EEST)
        (envelope-from nfb@nn.kiev.ua)
Received: from nn.UUCP (uucp@localhost)
	by kozlik.carrier.kiev.ua (8.The.Best/UUCP_FOREVER) with UUCP id LLB00895;
	Wed, 6 Oct 1999 11:28:44 +0300 (EEST)
	(envelope-from nfb@nn.kiev.ua)
Received: from nn.UUCP (uucp@localhost)
	by kozlik.carrier.kiev.ua (rmail mypid=00894 childpid=00895) with UUCP;
	Wed, 06 Oct 1999 08:28:44 +0000 GMT
Received: by nn.kiev.ua (UUPC/@ v7.00, 29Jul97)
          id AA06197; Wed,  6 Oct 1999 11:18:31 +0300 (EDT)
To: freebsd-security@freebsd.org, kris@hub.freebsd.org
X-Comment-To: Kris Kennaway <kris@hub.freebsd.org>
References: <Pine.BSF.4.10.9910051426130.82242-100000@hub.freebsd.org>
Message-ID: <ABNNm-tS1U@nn.kiev.ua>
From: "Valentin Nechayev" <nfb@nn.kiev.ua>
Date: Wed,  6 Oct 1999 11:18:31 +0300 (EDT)
X-Mailer: dMail [Demos Mail for DOS v2.06]
Subject: Re: Long username/password
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 29
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Kris Kennaway <kris@hub.freebsd.org> wrote:

> > If the DES libraries are already installed on a system, is there a
> > way to still use MD5 passwords by default?
>
> No. Unless you make a trivial change to passwd(1). Adding a command-line
> switch to do this would probably be a welcome feature.

Possibly, not command-line switch - this should be host policy.
I'd prefer something similar to /etc/malloc_options.
It is quite easy to read link.

This link must be used at least by pw(1) and passwd(1). Possible
definitions:

'M' - always create new crypts as MD5
'5' - create crypts for new accounts, or cases of empty password or '*'
      in pw_passwd field (in code - all cases of first two characters of
      crypt not in [A-Za-z0-9./] )

Is it acceptable?

P.S. There were some rumours about totally new libcrypt. What is the
state of it?

--
NN




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message