How difficult would it be to add a switch to passwd which allows a privileged user to select the password hashing scheme?
Users who need to access DB2 (at least, DB2 V8) must have their passwords stored with CRYPT. Or at least, whatever DB2 we are running here where I work gets tripped up by anything other than crypt. Storing such a user's password in md5 causes their DB2 authentication to fail.

As far as I can tell, the only way to get that user's password into crypt format is:

1. Make CRYPT the default in policy.conf.
2. Manually delete the user's password from /etc/shadow.
3. Set the user's password.
4. Now you can set the default back to md5, blowfish, etc.

Step 2 is required because passwd will always use whatever hashing algorithm was last used for that password, regardless of any policy.conf settings.

Having a switch so I can "passwd -z md5 user1" and "passwd -z crypt user2" would be great, especially if it were transparent to the actual user account repository (e.g. "passwd -z ssha" would work with LDAP).

Of course, if -z were not specified then the existing scheme would be used for an existing password, or the default scheme specified in policy.conf would be used for a new account. -z would only be required if you wanted to explicitly set something other than default for a new user, or you wanted to override whatever scheme is currently used on an existing user's password.

Mark

--
Georgia: Why am I not doing what they're doing?
Rube: Because you're doing what you're doing. When it's time for you to do something else you'll do that.
_______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
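
One way to check which scheme an account's /etc/shadow entry actually uses, before and after the four steps in the message above. This is an added example, not part of the original post. The prefix-to-scheme mapping assumes the stock Solaris crypt.conf(4); the function names and the sample shadow lines are constructed for illustration.

```shell
#!/bin/sh
# Classify one shadow(4) password field by its prefix.
# Assumption: stock Solaris crypt.conf(4) identifiers (1, 2a, md5, 5, 6).
hash_scheme() {
    case "$1" in
        '')          echo "empty" ;;
        NP)          echo "no-password" ;;
        '*LK*'*)     echo "locked" ;;
        '$1$'*)      echo "bsdmd5" ;;
        '$2a$'*)     echo "blowfish" ;;
        '$md5$'*|'$md5,'*) echo "sunmd5" ;;
        '$5$'*)      echo "sha256" ;;
        '$6$'*)      echo "sha512" ;;
        '$'*)        echo "unknown" ;;
        # Traditional crypt: 2 salt characters + 11 hash characters.
        *) if [ "${#1}" -eq 13 ]; then echo "unix-crypt"; else echo "unknown"; fi ;;
    esac
}

# Print "user scheme" for each named user whose entry is NOT traditional
# crypt, i.e. the accounts that would still need the procedure above.
# $1 = shadow-format file, remaining arguments = usernames to check.
non_crypt_users() {
    file=$1; shift
    for u in "$@"; do
        entry=$(grep "^$u:" "$file") || { echo "$u missing"; continue; }
        scheme=$(hash_scheme "$(printf '%s\n' "$entry" | cut -d: -f2)")
        [ "$scheme" = "unix-crypt" ] || echo "$u $scheme"
    done
}

# Constructed sample data: placeholder strings in the right shape, not real hashes.
make_sample() {
    cat > "$1" <<'EOF'
user1:$1$CONSTRUC$0123456789abcdefghijkl:13000::::::
user2:abJnggxhB/yWI:13000::::::
user3:*LK*:13000::::::
EOF
}

sample=$(mktemp)
make_sample "$sample"
non_crypt_users "$sample" user1 user2 user3
rm -f "$sample"
```

Against the real file, run it as root with the DB2 account names, for example `non_crypt_users /etc/shadow user1 user2`.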