>1. The default Solaris config will compare the password entered with the
>encrypted version in the shadow file using whatever crypt method *the
>existing password* was encrypted with?

Yes, the existing encryption is encoded in the hash and that encryption is used, obviously, to compute the hash for the password just entered.

>2. The default Solaris config will store changed passwords with the same
>type of encryption that the old password used?

Yes.

>So by default my passwd file can have all sorts of different types of
>encryption, and it will stay that way?

Correct.

>Is there a way to force changed passwords to be stored in a newer format
>as people change them?

Yes.

>I read through the man pages on crypt.conf and policy.conf and it seems
>I can disallow use of some methods, and/or change the default method,
>but if both 1 and 2 above are true, I don't think that will force
>changed passwords to the new default? will it?

You can:

- set the default (used for new)
- deprecate some (or allow some)

If someone changes their password and they are using a deprecated algorithm their new password will be encoded with the default.

Casper

_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
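An added example, not part of the original message: a small audit that reads the algorithm identifier encoded in each shadow hash and reports which algorithm the account would get at its next password change under a given policy. The key names `CRYPT_DEFAULT`, `CRYPT_ALGORITHMS_DEPRECATE` and `CRYPT_ALGORITHMS_ALLOW` come from policy.conf(4), not from the thread; the policy values, accounts and hash strings are constructed, and the fallback to `__unix__` when no default is set is an assumption.

```python
import re

# Constructed policy.conf fragment (sample values, not taken from the thread).
POLICY = "CRYPT_ALGORITHMS_DEPRECATE=__unix__,1\nCRYPT_DEFAULT=5\n"

# Constructed shadow entries; the hash fields are dummy strings, not real hashes.
SHADOW = """\
alice:aaBBccDDeeFFg:14000::::::
bob:$1$saltsalt$dummyhashdummyhash0000:14000::::::
carol:$5$saltsalt$dummyhashdummyhash:14000::::::
dave:$2a$04$dummysaltdummyhashdummy:14000::::::
eve:*LK*:14000::::::
"""

def parse_policy(text):
    """Return (default, deprecated set, allowed set or None) from policy.conf text."""
    lines = (l.strip() for l in text.splitlines())
    kv = dict(l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))
    as_set = lambda k: set(kv[k].split(",")) if k in kv else None
    return (kv.get("CRYPT_DEFAULT", "__unix__"),  # assumed fallback when unset
            as_set("CRYPT_ALGORITHMS_DEPRECATE") or set(), as_set("CRYPT_ALGORITHMS_ALLOW"))

def algorithm_of(field):
    """Read the crypt.conf identifier encoded in a shadow password field."""
    m = re.match(r"\$([^$,]+)[$,]", field)   # $id$salt$hash or $id,params$...
    if m:
        return m.group(1)
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "__unix__"                    # traditional crypt has no $id$ prefix
    return None                              # locked, no-login or empty field

def audit(shadow_text, policy_text):
    """Map user -> (current algorithm, algorithm used at the next password change)."""
    default, deprecate, allow = parse_policy(policy_text)
    report = {}
    for line in shadow_text.splitlines():
        user, field = line.split(":")[:2]
        current = algorithm_of(field)
        if current is None:
            continue
        # Assumed reading of the policy: ALLOW, when present, is an exclusive list.
        keep = current in allow if allow is not None else current not in deprecate
        report[user] = (current, current if keep else default)
    return report

if __name__ == "__main__":
    for user, (now, nxt) in audit(SHADOW, POLICY).items():
        print(f"{user}: {now} -> {nxt}")
```

Accounts whose two values differ are the ones that will migrate on their own at the next change; accounts that never change their password keep the old hash until a change is forced.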