Subject: Re: default passwd.conf file
To: Perry E. Metzger <perry@wasabisystems.com>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-security
Date: 04/13/2002 13:49:18

On 13 Apr 2002, Perry E. Metzger wrote:

> Unless there are quite solid objections, I would like to make the
> following our standard /etc/passwd.conf:
>
> --------------------------------------------------
> default:
>         localcipher = md5
>         ypcipher = old
> --------------------------------------------------
>
> Note that there is no obvious reason to object. Old password files
> will still work. New passwords will use md5, but if an admin doesn't
> like that he can just change localcipher to old.

Sounds good to use md5 by default.

What about making it the default for pw_getconf(3) instead? (And not
having a /etc/passwd.conf in place by default.)

So in pw_default in /usr/src/lib/libutil/passwd.c change
                { "localcipher",        "old" },
to
                { "localcipher",        "md5" },

And document in pw_getconf manual page.

(By the way, I'm glad that we offer this new crypt(3) now -- it makes it
easier to migrate to NetBSD!)

   Jeremy C. Reed
   http://www.reedmedia.net/