Subject: Re: default passwd.conf file
To: None <>
From: gabriel rosenkoetter <>
List: tech-security
Date: 04/15/2002 04:22:31
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Apr 15, 2002 at 03:46:30AM -0400, Sean Davis wrote:
> I think it should "just work" for the pkgsrc version also - at least, I've
> used programs on non-md5-crypt machines, and moved them over to my NetBSD
> machine which uses md5, and crypt() seems to recognize what type of passw=
> hashing was used and act accordingly. (ie a database that had DES passwor=
> still works fine, and I can put MD5 passwords in it and it still works)

Um, of course it does, because crypt() doesn't live in each binary,
it lives in a shared object (

(Build yourself a statically-linked version of sshd that doesn't
know about md5 and you will shoot yourself in the foot.)

That's the whole point of the argument between login.conf and
passwd.conf; it's not login (or programs that do logging in) that
reads passwd.conf, it's functions in a shared library which a
variety of software (not just daemons, su too, probably sudo) read.

gabriel rosenkoetter

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.0.6 (NetBSD)
Comment: For info see