Subject: Re: default passwd.conf file
To: Perry E. Metzger <>
From: Jeremy C. Reed <>
List: tech-security
Date: 04/13/2002 13:49:18
On 13 Apr 2002, Perry E. Metzger wrote:

> Unless there are quite solid objections, I would to to make the
> following our standard /etc/passwd.conf:
> --------------------------------------------------
> default:
>         localcipher = md5
>         ypcipher = old
> --------------------------------------------------
> Note that there is no obvious reason to object. Old password files
> will still work. New passwords will use md5, but if an admin doesn't
> like that he can just change localcipher to old.

Sounds good to use md5 by default.

What about making it the default for pw_getconf(3) instead? (And not
having a /etc/passwd.conf in place by default.)

So in pw_default in /usr/src/lib/libutil/passwd.c change
                { "localcipher",        "old" },
                { "localcipher",        "md5" },

And document in pw_getconf manual page.

(By the way, I'm glad that we offer this new crypt(3) now -- it makes it
easier to migrate to NetBSD!)

   Jeremy C. Reed