Dear Bruce, > Yes, the problem is that we used the username for the salt, just like > FreeBSD does for its MD5 passwords.
Not that I know of on FreeBSD? shell> uname -a FreeBSD palo-alto2.ensmp.fr 4.9-STABLE FreeBSD 4.9-STABLE #5: Mon Mar 1 21:31:30 CET 2004 [EMAIL PROTECTED]:/usr/src/sys/compile/IAR2M i386 shell> grep coelho /var/yp/master.passwd coelho:$1$00EacB0I$4kQ/HmqFFQANZP/mxj8ZX0:210:20::0:0:COELHO, Fabien:/users/cri/coelho:/usr/local/bin/bash ^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^ salt some base 64 encoding of 1002 paranoid md5 computations. Even of the salt is based on the login, the point is that it is stored separatly, so the system does not rely on the login string to check the password. The only other scheme which requires the user password somehow is the HTTP digest authentification, and AFAIK no one in the world uses it;-) > The attached patch clears the password field on rename: By 'clearing' and after a look at the patch, I understand that the access will be denied after the rename, which is the current behavior anyway;-) > and adds documention explaining this behavior. I can't think of a > better solution. Yes, I'm afraid there is no 'light' fix, other than acknowledging the fact... Not a big issue. Thanks, -- Fabien Coelho - [EMAIL PROTECTED] ---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster