Lars Tunkrans wrote: > Hi, > > I want to understand what the consequences are of installing the > SUNWcry set of > HI Grade Crypt encryption libs and utils on an existing system. > > 1) I assume that a person with a low grade crypt-ed password will still > be able to log in > after the the hi-grade crypt library is installed and that the > persons password will > be hi-grade encrypted after the next password change . Correct > ?
The contents of the SUNWcry/SUNWcryr packages have on impact what so ever on the output of crypt(3C) which is used to hash (not really encrypt) uses passwords. See: http://opensolaris.org/os/project/crypto/Documentation/sunwcry/ These pacakges are only impact the KCF and PKCS#11 APIs symetric key length for AES, RC4, Blowfish. None of those are applicable for the crypt(3C) function. Even for crypt_bsdbf(5) it doesn't impact it because it uses a private (partial) implementation of Blowfish. > 2) Would a Password stored in JES directory server 5.2 behave differently > ? No, because the answer to 1. > 3) Would the directory servers user Authentication be in any way affected > by the > change of crypt library ? No, because the answer to 1. > 4) I am assumeing here that the Direectory server is using the same Crypt > libraries > that passwd(1) is useing. > If the directory server is useing a private copy of the crypt library > and I upgrade > passwds crypt library to highgrade, I can see a lot of nightmares > coming my way. > Pleas tell me that the directory server and passwd uses the exact > same copy > of the crypt library. N/A because of the answer to 1. -- Darren J Moffat
