Subject: Re: YP and passwd.conf (was Re: default passwd.conf file)
To: Todd Vierling <>
From: Andrew Doran <>
List: tech-security
Date: 04/16/2002 08:01:53
Todd Vierling <> wrote:

> One thing that came to me when catching up with this thread is that this
> change of default will hose people setting up a YP server for the first
> time.

sysinst gives people the following choice (although it should really parse
passwd.conf instead of replacing it). Also, now that I think about it,
changing the defaults in libutil isn't such a good idea, since that will
pull the rug out from under people who upgrade from source and don't touch


 Please choose the password cipher to use.  NetBSD can be configured to use
 either the DES or MD5 schemes.

 The traditional DES scheme is compatible with most other Unix-like operating
 systems, but only the first 8 characters of any password will be recognised.
 The MD5 scheme allows for longer passwords, and some would argue that it's
 more secure.

 If you have a network and intend to use NIS, please bear in mind the
 capabilities of other machines on your network.

                              * Password cipher *
                              *                 *
                              *>a: MD5          *
                              * b: DES          *