Date: Thu, 07 Dec 2000 14:54:08 +0100 From: Karl Dietz <Karl.Dietz@triplan.com> To: Dmitry Karasik <dk@plab.ku.dk> Cc: freebsd-stable@freebsd.org Subject: Re: crypt() default behavior Message-ID: <3A2F9680.A16C609D@triplan.com> References: <uvgswa38t.fsf@plab.ku.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Dmitry Karasik wrote: > I just bumped into problem that passwords encoded on 4.2-stable > do not work on 3.2-stable. AFAIU, the problem is that crypt() > default behaviour is not to use MD5 anymore, and passwords that > are created though adduser are not recognized on older versions. > I didn't follow changes into source tree, so I don't know what > reasons were to change crypt(). From another hand, it's a hack > to patch adduser in a way it calls crypt with MD5 salt, but maybe > you have different opinion? What ( if it ever exists) should be > most elegant way to tackle this problem? to summarize the situation: 3.2 is pre RSA_PATENT_EXPIRED, US_CRYPTO_EXPORT_CHANGE => DES enable by default for USA_RESIDENTS => MD5 is default password encryption for you 4.2 is post RSA_PATENT_EXPIRED, US_CRYPTO_EXPORT_CHANGE => DES enable by default for almost everyone => I don't know the default, but DES and MD5 are possible a possibly solution: IMHO you should add DES support to your 3.2-stable setup. (I have done this, but I don't remember how to do this out of my head) (DES support is the default for USA_RESIDENT=yes and is possible via internat.freebsd.org for USA_RESIDENT=no) another solution: change password encryption default to md5 (but I don't know how) -- mfG Karl Dietz Netzwerk & Systeme E-Shop unter http://www-bs.net.triplan.com/intern/netzwerke.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A2F9680.A16C609D>