On Wed, Dec 24, 2014 at 15:10, Ted Unangst wrote: > CVSROOT: /cvs > Module name: src > Changes by: [email protected] 2014/12/24 15:10:34 > > Modified files: > lib/libc/crypt : cryptutil.c > > Log message: > simplify crypt_checkpass. The API promise is that this function doesn't > use global data. The simplest fix is to only check blowfish passwords, > and implicitly lock out DES passwords. > crypt_checkpass is currently only used in one place, passwd, to verify > the local user's password, so this is probably acceptable. > Gives people a little more time to migrate away from DES before introduing > checkpass into more places.
I have belatedly realized that login_passwd also uses crypt_checkpass(). So now you have a little less time to migrate.
