Jason King wrote: > On Mon, Sep 1, 2008 at 4:39 PM, James Cornell <[EMAIL PROTECTED]> wrote: >> Yeah been that way the whole time across the board. First thing I do >> after logging in is just that... the only program that needs crypt is >> smc, and smc is dead, and opensolaris is unsupported until they have >> something to replace SXDE, hopefully Indiana 2008.11 fits that bill. >> Suffice to say some of the crazy compatibility restraints are not >> warranted, unless someone here can come up with a case that could affect >> a wide array of programs, I think a rfe needs to be submitted. >> >> James >> On Mon, 2008-09-01 at 22:18 +0100, Robert Milkowski wrote: >>> Hello indiana-discuss, >>> >>> I've installed OpenSolaris b95 recently and I've noticed that old good >>> crypt is still being used for user passwords by default. >>> >>> Why not to change default hashing function to 1 or md5 in >>> /etc/security/policy.conf? > > The biggest offender that I've found are the Veritas Foundation Suite > (VxVM/VxFS) admin guis. While I have not checked 5.0, 4.x and earlier > did not use the proper java apis that would in turn invoke pam, and > Veritas didn't consider this a bug (thus would not fix). Veritas > Cluster Server _could_ also suffer the same problem, but not in the > default configuration (you can tell it to defer to the system for > authentication -- not its default, in which case it did the same thing > and read the hashed value and try to validate itself).
Anyone who would like to pick up bug 178 and make this happen would likely be welcomed, assuming you can get the security community to buy in (security-discuss is their mailing list). Dave Dave > _______________________________________________ > indiana-discuss mailing list > [email protected] > http://mail.opensolaris.org/mailman/listinfo/indiana-discuss _______________________________________________ indiana-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
