Re: Password encoding

From: Erick Mechler (emechler@techometer.net)
Date: 09/26/02


Date: Wed, 25 Sep 2002 15:26:45 -0700
From: Erick Mechler <emechler@techometer.net>
To: Nomad <mailman@crypton.pl>


:: So I made a small investigation. And what I found: the new auth_default value
:: in my system is DES !!! And my passwords on new accounts are only 8
:: characters long !!!

You're going to want to do 2 things. First, make sure that you have your
passwd_format=md5 in your /etc/login.conf (be sure to run cap_mkdb
/etc/login.conf after you do so).

Currently there's a bug with /usr/sbin/adduser which results in changed
passwords defaulting to DES, despite whatever the system default password
scheme is. /usr/sbin/pw and /usr/bin/passwd do not suffer from this
problem.

Bottom line: don't use adduser to set your passwords upon account creation,
use the passwd utility or pw. This will ensure that all your system
passwords are created and stay MD5.

Cheers - Erick
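
To find accounts that were left on DES as described in the message above, the script below classifies the hash field of a master.passwd-style file and reads passwd_format from a login.conf-style file. It is an added example, not part of the original message; the function names and the sample accounts and hashes are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which password hash scheme each account uses.

# Print "user scheme" for every entry in a master.passwd-style file.
classify_hashes() {
    awk -F: '
        /^#/ || NF < 2 { next }
        {
            h = $2
            if (h == "")            s = "empty"
            else if (h ~ /^\*/)     s = "locked"
            else if (h ~ /^\$1\$/)  s = "md5"
            else if (length(h) == 13 && h ~ "^[./0-9A-Za-z]+$") s = "des"
            else                    s = "other"
            print $1, s
        }' "$1"
}

# List only the accounts whose hash is traditional 13-character DES crypt.
des_accounts() {
    classify_hashes "$1" | awk '$2 == "des" { print $1 }'
}

# Print the first passwd_format value in a login.conf-style file
# (assumption: the first occurrence belongs to the default class).
passwd_format_of() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n 's/.*:passwd_format=\([^:]*\):.*/\1/p' | head -n 1
}

# Constructed sample data (not real accounts or hashes).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/master.passwd" <<'EOF'
root:$1$saltsalt$0123456789abcdefghijkl:0:0::0:0:Charlie &:/root:/bin/csh
alice:ab0123456789A:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$1$pepper00$ABCDEFGHIJKLMNOPQRSTUV:1002:1002::0:0:Bob:/home/bob:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
EOF
cat > "$sample_dir/login.conf" <<'EOF'
default:\
	:passwd_format=md5:\
	:copyright=/etc/COPYRIGHT:
EOF

echo "passwd_format: $(passwd_format_of "$sample_dir/login.conf")"
echo "accounts still on DES: $(des_accounts "$sample_dir/master.passwd")"
```

On a real system, run the functions as root against /etc/master.passwd and /etc/login.conf; any account that des_accounts lists needs its password set again with passwd or pw.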
