On Fri, 29 Sep 2000, jack wrote:
> On Sep 28 Kris Kennaway wrote:
>
> > On Thu, 28 Sep 2000, Jim Mercer wrote:
> >
> > > the reason i ask, is that if people cvsup without seeing or noticing this,
> > > they may not realize until too late that the new passwords are md5.
> > >
> > > anyone using nis with non-freebsd systems might get really upset.
> >
> > It should have been documented. It still can be :-)
>
> A change of this magnitude to default system behavior should have
> been preceded by a HEADS UP to the stable list, IMO. Would have
> save me several hours of aggravation.
As someone who works in an environment where NIS is widely used with
non-FreeBSD systems, I would comment that the current defaults (at least,
change in them) are a disaster, especially given that they weren't
documented. It was confusing enough before when I had to make sure (by
phone, mind you) that people installed the DES support to get NIS to work.
Now the defaults have magically switched, and in a way that wasn't
documented. Joy. Maybe we should update ERRATA or the release notes for
4.1.1-RELEASE to make sure it's in there, and send out a formal note to
-stable and possibly -announce. While I fortunately heard about this here
first, I would frankly hate to have spent hours and hours remotely
debugging a change that could potentially make it difficult for people to
log in, and then propagated MD5 passwords into a DES password environment.
The benefit of the old behavior was that, for FreeBSD to work in a mixed
environment with NIS, DES had to be installed, meaning that DES would be
the default for passwords. This was an implicit effect of allowing
portable use of NIS. I wonder if there would be any way to force users of
NIS to submit passwords using DES by default? The current framework
doesn't seem to support or encourage that in a way that can be "default"
and yet safe for normal use.
Robert N M Watson
[EMAIL PROTECTED] http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
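
An added example, not part of the original message or of FreeBSD: a check that can be run over a passwd-format NIS map source before it is pushed, flagging entries whose hash is not traditional DES crypt and so would not verify on DES-only clients. It assumes the usual colon-separated layout with the hash in the second field, the `$1$` prefix of MD5 crypt and the 13-character form of DES crypt; the function names and the sample entries are constructed for illustration.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# MD5 crypt: "$1$" + salt of up to 8 chars + "$" + 22 hash chars.
MD5_RE = re.compile(r"^\$1\$[^$:]{1,8}\$[./0-9A-Za-z]{22}$")

# Constructed sample map; the hash strings are placeholders, not real hashes.
SAMPLE = """\
alice:ab0123456789A:1001:1001:Alice:/home/alice:/bin/sh
bob:$1$abcdefgh$ABCDEFGHIJKLMNOPQRSTUV:1002:1002:Bob:/home/bob:/bin/sh
carol:*:1003:1003:Carol:/home/carol:/sbin/nologin
dave:$1$short:1004:1004:Dave:/home/dave:/bin/sh
"""


def classify(field):
    """Return the scheme of one password field (hypothetical helper)."""
    if field == "":
        return "empty"
    if field[0] in "*!" or field == "x":
        return "locked"  # no usable hash stored in this field
    if DES_RE.match(field):
        return "des"
    if MD5_RE.match(field):
        return "md5"
    return "unknown"


def audit(passwd_text):
    """Map login -> scheme for entries a DES-only client cannot verify."""
    problems = {}
    for lineno, line in enumerate(passwd_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith(("#", "+", "-")):
            continue  # blank lines, comments, passwd-compat entries
        parts = line.split(":")
        if len(parts) < 7:
            problems["<line %d>" % lineno] = "malformed"
            continue
        scheme = classify(parts[1])
        if scheme in ("md5", "unknown"):
            problems[parts[0]] = scheme
    return problems


if __name__ == "__main__":
    for login, scheme in sorted(audit(SAMPLE).items()):
        print("%s: %s hash, not usable on DES-only NIS clients" % (login, scheme))
```
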