Date: Sat, 30 Sep 2000 12:28:58 -0400 From: "Brian F. Feldman" <green@FreeBSD.org> To: Robert Watson <rwatson@FreeBSD.org> Cc: jack <jack@germanium.xtalwind.net>, hackers@FreeBSD.org Subject: Re: stuck on MD5 passwd's, host to revert to DES Message-ID: <200009301629.e8UGSx538498@green.dyndns.org> In-Reply-To: Message from Robert Watson <rwatson@FreeBSD.ORG> of "Sat, 30 Sep 2000 10:49:32 EDT." <Pine.NEB.3.96L.1000930104341.40031E-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> > On Fri, 29 Sep 2000, jack wrote: > > > On Sep 28 Kris Kennaway wrote: > > > > > On Thu, 28 Sep 2000, Jim Mercer wrote: > > > > > > > the reason i ask, is that if people cvsup without seeing or noticing this, > > > > they may not realize until too late that the new passwords are md5. > > > > > > > > anyone using nis with non-freebsd systems might get really upset. > > > > > > It should have been documented. It still can be :-) > > > > A change of this magnitude to default system behavior should have > > been preceded by a HEADS UP to the stable list, IMO. Would have > > save me several hours of aggravation. > > As someone who works in an environment where NIS is widely used with > non-FreeBSD systems, I would comment that the current defaults (at least, > change in them) are a disaster, especially given that they weren't > documented. It was confusing enough before when I had to make sure (by > phone, mind you) that people installed the DES support to get NIS to work. > Now the defaults have magically switched, and in a way that wasn't > documented. Joy. Maybe we should update ERRATA or the release notes for > 4.1.1-RELEASE to make sure it's in there, and send out a formal note to > -stable and possibly -announce. While I fortunately heard about this here > first, I would frankly hate to have spent hours and hours remotely > debugging a change that could potentially make it difficult for people to > log in, and then propagated MD5 passwords into a DES password environment. It was documented in login_cap(3). Now it's also documented in login.cap(5) and yp(4). There weren't any complaints about it before, so there was no way to know into the future that people wouldn't know what to do. I think the right thing to do is to update the release notes and send an announcement to -STABLE. > The benefit of the old behavior was that, for FreeBSD to work in a mixed > environment with NIS, DES had to be installed, meaning that DES would be > the default for passwords. This was an implicit effect of allowing > portable use of NIS. I wonder if there would be any way to force users of > NIS to submit passwords using DES by default? The current framework > doesn't seem to support or encourage that in a way that can be "default" > and yet safe for normal use. You had to install DES and _then_ add the +:::::::: line. Now there's one more step. Do you find this unreasonable for more secure defaults? DES passwords work under the assumption that there's just no way to get master.passwd or (for NIS) sniff the wire/add untrusted machines, and are quite trivial to crack, as you know. Other systems still using DES are just about as protected as the first Unix systems that stored only cleartext passwords. -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009301629.e8UGSx538498>