> We should switch to using just libdescrypt and being allowed to switch
> crypt formats easily between md5 and des.  My proposed solution using
> login.conf is at http://people.FreeBSD.org/~green/crypt_switching.patch,
> and it's going to be put into production usage relatively soon (that is,
> whether or not it's actually in FreeBSD).

As long as things get switched around so that the format decision is 
external to libdescrypt and the existing password, so we can change an existing
des passwd to md5.  However, in our case, apache still needs to
generate des but *all* other uses want md5.  The link choice is the
easiest way to select this, with environment next.  Config files won't
really work since they can't anticipate all uses.

The full-blown pam implementations do it with pam parameters; login.conf
is fine but won't work for "third-party" situations like I was commenting
on (i.e. apache needs to accept and generate des but most other need 
md5, etc etc)...  Perhaps an environment variable?

libdescrypt is close since it will accept either; a fixed choice for
what it generates, external to *any* application code (e.g. environment 
vars (easiest) or (if possible) config files that are somehow *completely* 
universal (I don't see how to do this without application mods unless the 
library can transparently get at argv[0] independently of what the app does 
like ++argv, etc)) would be nice.

-- Pete

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to