by mail.netbsd.org with SMTP; 26 Sep 2000 12:58:30 -0000
	for tech-security@netbsd.org; Tue, 26 Sep 2000 14:58:27 +0200 (CEST)
To: tech-security@netbsd.org
Path: mjl
From: mjl@nospam.office.emsi.priv.at (Martin J. Laubach)
Newsgroups: emsi.netbsd.tech.security
Subject: Re: Longer passwords
Date: 26 Sep 2000 12:58:21 GMT
Organization: I have some. Really. Somewhere.
Lines: 17
Message-ID: <969973101.26426@maschndrohtzaun.emsi.priv.at>
References: <39C277982A5.6FF4ADMIN@mail.cordef.com.pl> <20000917160757.A10312@antioche.eu.org> <20000917234116.222904@proven.weird.com> <20000918165626.C53834@netbsd.org> <20000918200149.3A9F64@proven.weird.com>
NNTP-Posting-Host: maschndrohtzaun.emsi.priv.at
NNTP-Posting-Date: 26 Sep 2000 12:58:21 GMT
User-Agent: slrn/0.9.6.2 (NetBSD)
Cache-Post-Path: maschndrohtzaun.emsi.priv.at!unknown@cactus.emsi.priv.at

| > It (passwd.conf) has been in -current since early July. Blowfish encryption
| > is not yet supported due to a lack of time at my end.

  Sorry, I must have been asleep at the time or I'd have hollered
then. I really think that the password algorithm selection should
go into login.conf, as there is prior art (Free and BSDI do it,
don't know about Open).

  However, it is coupled somewhat with the controversial issue
of PAM vs BSD-Authentication, so beware, there be dragons.

  For the record: I really think password algorithm selection should
go to login.conf, not some new config file.

	mjl