Re: MD5 passwords

[Ben Pfaff <pfaffben@pilot.msu.edu>]

Stephen Crowley <crow@debian.org> writes:

   > Do all system utilities support MD5 passwords?  Do they introduce
   > incompatibilities with other OSes?

   I'm not positive but I think all the system utils do support it. But it is
   incompatible with older *nixes, I think it should tell the user about this
   and then let them decide to enable it or not. I think I heard somewhere that
   freebsd has this on by default now.

My thought would be to offer it but default to `no' until/unless
there's consensus in debian-devel or debian-policy that MD5 passwords
are preferred.

Are you running md5 passwords and if so have you encountered any
problems?  If I want to test md5 passwords on my machines, how do I
set them up?

   > Also, it's not possible to convert passwords between MD5 and standard
   > crypt(), so it's not just a matter of doing something analogous to
   > `shadowconfig on'/`shadowconfig off' like we have for shadow
   > passwords.

   Yes, that would be a concern.

I assume that it's possible to validate both ways at once (i.e., have
a passwd file with some md5 passwords and some `legacy' passwords),
and have the passwd set new or changed passwords in the currently
selected password format?