Darren J Moffat wrote:
> Kyle McDonald wrote:
>> Hi all.
>>
>> I just set up a new NIS server on NV.
>>
>> Then I pasted all the passwd and shadow entries from one of the local 
>> Linux boxes on the end of yp source files.
>>
>> It just hit me though. The Linux box was storing the encrypted 
>> passwords in a newer format (I believe so that it can handle longer 
>> passwords)
>
> Nit: They aren't Linux format passwords; the $1$ MD5-based hashes came 
> from FreeBSD (as does the source I used in Solaris to support them).
>
> See also PSARC/2007/642 in the ARC community which I filed only this 
> week to support the new SHA256/SHA512 based format that Red Hat, IBM, 
> HP, and Sun developed and have agreed to support ($5 and $6).
>
Thanks Darren,

If possible, I'd like someone to confirm what I think I've proved by my 
experiments:

1. The default Solaris config will compare the password entered with the 
encrypted version in the shadow file using whatever crypt method *the 
existing password* was encrypted with?

2. The default Solaris config will store changed passwords with the same 
type of encryption that the old password used?

So by default my passwd file can have all sorts of different types of 
encryption, and it will stay that way?

Is there a way to force changed passwords to be stored in a newer format 
as people change them?

I read through the man pages on crypt.conf and policy.conf and it seems 
I can disallow use of some methods, and/or change the default method, 
but if both 1 and 2 above are true, I don't think that will force 
changed passwords to the new default? Will it?

  -Kyle


_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
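
An added example, not part of the original message and not Solaris code: one way to see which crypt formats coexist in a shadow-format file is to read the scheme identifier at the start of each password field. The function names and sample entries are constructed; only the `$1$`, `$5` and `$6` identifiers come from the thread, and the 13-character rule for traditional crypt hashes is an assumption of this example.

```python
import re
from collections import Counter

# Scheme identifiers named in the thread; any other id is reported as-is.
SCHEMES = {"1": "MD5 ($1$)", "5": "SHA256 ($5$)", "6": "SHA512 ($6$)"}
# Assumption: a traditional crypt(3) hash is 13 chars from this alphabet, no "$".
TRADITIONAL = re.compile(r"^[./0-9A-Za-z]{13}$")

def classify(field):
    """Return a label for the password field of one shadow entry."""
    # The id sits between the first "$" and the next "$" (or "," before parameters).
    m = re.match(r"^\$([^$,]+)[$,]", field)
    if m:
        return SCHEMES.get(m.group(1), "other ($%s$)" % m.group(1))
    if TRADITIONAL.match(field):
        return "traditional crypt"
    return "no usable hash"  # empty, locked or placeholder field

def audit(lines):
    """Map each user to a scheme label and count users per scheme."""
    per_user = {}
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) < 2 or parts[0].startswith("#") or not parts[0]:
            continue
        per_user[parts[0]] = classify(parts[1])
    return per_user, Counter(per_user.values())

def not_on(per_user, wanted):
    """Users whose stored hash is a real hash but not the wanted scheme."""
    return sorted(u for u, s in per_user.items()
                  if s != wanted and s != "no usable hash")

# Constructed sample entries (not real hashes).
SAMPLE = """\
alice:$1$abcdefgh$0123456789abcdefghijkl:13800::::::
bob:Ab3dEfGh1jK.m:13800::::::
carol:$6$saltsalt$AAAA:13800::::::
dave:*LK*:::::::
erin:$5$rounds=5000$saltsalt$BBBB:13800::::::
"""

if __name__ == "__main__":
    users, counts = audit(SAMPLE.splitlines())
    for scheme, n in counts.most_common():
        print(f"{n:3d}  {scheme}")
    print("still to migrate to SHA512:", not_on(users, SCHEMES["6"]))
```

Run against a copy of the yp source file, the per-scheme counts show how mixed the map is, and the `not_on` list shows which accounts have yet to move to the preferred format.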
