On 11/21/05, James Bennett <[EMAIL PROTECTED]> wrote:
>
> Entering the hash directly would have to be disallowed, making for
> another backwards-incompatible change, but I can't think of any reason
> why it'd be useful to keep that ability.
>
I can think of a reason: as a sysadmin, I have access to my users' hashed passwords, but not their actual passwords. I provide certain web pages on my site to a subset of those users, and none of those pages authenticates directly against /etc/passwd (well, /etc/master.passwd). Copying the hash from master.passwd to the user's password field is useful for me. Perhaps not a good reason, and there are security concerns about abusing master.passwd that way, but that's a whole different discussion :)

--joey