Anders Andersson writes: >* Dag-Erling Smorgrav (d...@flood.ping.uio.no) [990403 17:33]: > >> Existing MD5 passwords will still work. New users will get DES >> passwords. > >Thanks, but how do I get all my "old" users to use DES crypted passwords?
Well, the short answer is 'you get them to change their password' . Which is true - you can't take an MD5 hash and turn it into a DES crypt, you'll need their cleartext password first. There are ways of achieving this in a large extent without their knowledge - firstly run crack, see what cleartext passwords you get. That is the easiest. My favourite though is to modify a daemon that uses cleartext authentication (say login, or the pop3 server you're using) to log sucessful attempts to a file which you can then troll for people's cleartext passwords, convert them to DES, and then only ask the few people left for a new password. >Maybe I just should purify my network to loose those DES boxes and run >FreeBSD md5 native only, that would be more secure and faster right? It depends entirely on the setup. I run DES purely because I have solaris and Digital UNIX boxen running DES. >Not necessary at all to use the crypt and secure dirs in /usr/src right? >If you dont need DES crypt that is, or is there any other advantage? > >I hope not, because then I will be happy and do no more cvsup to >cvsup.internat.freebsd.org :-) If you need DES then you'll have to get the sources from a non-US site. Adrian To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-current" in the body of the message
