Re: Hmm..passwords.
Kris Kennaway wrote: On Tue, Nov 21, 2000 at 03:32:49PM -0800, David O'Brien wrote: On Tue, Nov 21, 2000 at 08:27:50AM -0800, Kris Kennaway wrote: No longer correct. You don't need to futz with libraries and symlinks any more, Shouldn't we remove "NODESCRYPTLINKS" from /etc/defaults/make.conf and anywhere else it is still used? I think so. There's no operational downside to having a library which can do DES and MD5 passwords any more, since it won't stubbornly default to DES. Ok, maybe I'm the one who is missing something, but what if I *want* a crypt() that stubbornly defaults to DES? The current situation gives me that opportunity. If you remove NODESCRYPTLINKS please provide a suitable substitute, then leave it alone. This is something that's changed several times in -Stable as well as -Current, and it's getting to be a pita. Doug -- So what I want to know is, where does the RED brick road go? Do YOU Yahoo!? To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
RE: Hmm..passwords.
hi, there! On Thu, 23 Nov 2000, Chris Knight wrote: NODESCRYPTLINKS was always intended as a temporary workaround. The solution is to use passwd_format=des in your default login class. It's a solution for login. It's not a solution for any application that dynamically links to libcrypt, and then expects the hash algorithm to remain the same - which is a fair assumption to make. I'm exceptionally happy with NODESCRYPTLINKS, so my opinion is to leave it alone. from this point of view default format should always be 'des' with passwd_format=md5 in /etc/login.conf (most applications expect crypt to be des-crypt) /fjoe To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: Hmm..passwords.
Hello, Chris Byrnes! On Mon, Nov 20, 2000 at 06:33:21PM -0600, you wrote: I recently went 4.1.1-stable to 4.2-release and now lots of passwords...don't work. Any ideas? The same thing... Mabe the point is in DES/md5 passwords? -- Alexandr P. Kovalenko http://nevermind.kiev.ua/ NEVE-RIPE To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: Hmm..passwords.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 21 Nov 2000, Nevermind wrote: ... : The same thing... : Mabe the point is in DES/md5 passwords? FreeBSD has actually defaulted to MD5 passwords for quite a long time to those of us not within the US. However, installing the US crypto has always forced the usage of DES passwords by default. In order to switch your machine back to DES passwords from MD5 passwords, this is what you need to do: [ commands done one line at a time for clear reading ] # cd /usr/lib # rm libcrypt.a # rm libcrypt.so # rm libcrypt.so.2 # rm libcrypt_p.a # ln -s libdescrypt.a libcrypt.a # ln -s libdescrypt.so libcrypt.so # ln -s libdescrypt.so.2 libcrypt.so.2 # ln -s libdescrypt_p.a libcrypt_p.a That's it. Should you desire to switch BACK to MD5 passwords, just take those above steps and do a s/libdescrypt/libscrypt/g on it. Hope this if of help to you all. * Matt Heckaman - mailto:[EMAIL PROTECTED] http://www.lucida.qc.ca/ * * GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 * -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (FreeBSD) Comment: http://www.lucida.qc.ca/pgp iD8DBQE6GmYXdMMtMcA1U5ARAtp6AJ995uDJnev8k6YaPt8WrP0laJuv+ACgkEAI DZE/qN+NUt8AkAZk2Mu+m/w= =VFbM -END PGP SIGNATURE- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: Hmm..passwords.
Hello, Matt Heckaman! On Tue, Nov 21, 2000 at 07:09:57AM -0500, you wrote: FreeBSD has actually defaulted to MD5 passwords for quite a long time to those of us not within the US. However, installing the US crypto has always forced the usage of DES passwords by default. In order to switch your machine back to DES passwords from MD5 passwords, this is what you need to do: [ commands done one line at a time for clear reading ] # cd /usr/lib # rm libcrypt.a # rm libcrypt.so # rm libcrypt.so.2 # rm libcrypt_p.a # ln -s libdescrypt.a libcrypt.a # ln -s libdescrypt.so libcrypt.so # ln -s libdescrypt.so.2 libcrypt.so.2 # ln -s libdescrypt_p.a libcrypt_p.a That's it. Should you desire to switch BACK to MD5 passwords, just take those above steps and do a s/libdescrypt/libscrypt/g on it. Hope this if of help to you all. And if I wanna manage both -- DES MD5? For example I have about 200 users on one machine and I have no physical ability to make them change their passwords. It seems to me it worked fine somewhere between 3.4 and 4.0. -- Alexandr P. Kovalenko http://nevermind.kiev.ua/ NEVE-RIPE To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: Hmm..passwords.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 21 Nov 2000, Nevermind wrote: ... : And if I wanna manage both -- DES MD5? For example I have about 200 : users on one machine and I have no physical ability to make them : change their passwords. It seems to me it worked fine somewhere : between 3.4 and 4.0. Oh boy. To be honest Alexandr, I have no idea if this is even possible. It is my understanding that it is _not_ possible, but I've been known to be wrong before. I'll pass this question off to those on the list who are more knowledgeable than me in the area. :) * Matt Heckaman - mailto:[EMAIL PROTECTED] http://www.lucida.qc.ca/ * * GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 * -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (FreeBSD) Comment: http://www.lucida.qc.ca/pgp iD8DBQE6Gm43dMMtMcA1U5ARAsc/AJ97bKM96lrJ0uKjfyTAz3X5tyn4ZQCg2xiX cnFcQVHNTdjLKGIBP/evP8k= =XXeU -END PGP SIGNATURE- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message