OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [MORE] Passwords database
From: Stuart Henderson (sthennaiad.eclipse.net.uk)
Date: Mon Feb 07 2000 - 06:52:38 CST

On Sat, Feb 05, 2000 at 01:36:14PM +0100, Alexander Leidinger wrote:
> If you add a new user, his passwd uses DES, not MD5. You have to add the
> $1$ to the passwd-entry to use a MD5-hash.

That is the main problem with the current system. In very many
applications it would be more useful to allow passwords crypted with
either method to be read but encrypt new passwords with MD5. This
would mean, for example, users could have webserver passwords
crypted with DES (for example, from a Windows htpasswd replacement)
but still allow login passwords to all be MD5.

Would using ldconfig to set the system to find a different crypt()
library before running adduser provide a workaround for this scenario?

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message