[Pkg-shadow-devel] Bug#117707: md5 passwd considered harmless
Martin Quinson
Martin Quinson <martin.quinson@loria.fr>, 117707@bugs.debian.org
Mon, 9 May 2005 10:26:34 +0200
--84ND8YJRMFlzkrP4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
package passwd
retitle 117707 [MARTIN] md5 passwd should be enabled by default
thanks
Hello,
back in 2001, the bug submitter asked for the default settings of md5 and
shadow on passwd to be set to "true". It looks like that the defaults are
always the following:
md5->false
passwd->true
Back in these days, it was said that the first setting was set that was for
compatibility with old systems. Rumor about parts of debian not working with
md5 passwords also occur from time to time.
My opinion is to change md5 to true. The template reads:
Md5 passwords are more secure and allow for passwords longer than 8
characters to be used. However, they can cause compatibility problems if
you are using NIS or sharing password files with older systems.
so I think we don't even have to change this, it's already clear enough.
If it breaks some other package, it's more than time to update the given
package! Of course, I don't advice doing so for sarge, but for etch >:-)
May I proceed or do someone speak against it?
Mt.
--84ND8YJRMFlzkrP4
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCfx66IiC/MeFF8zQRAiG8AKDTXv+Nt4xCujwKGVnJU+bRas78nwCgjBXa
eeaE9yk+SH8BQ33H/SPlouU=
=cvSR
-----END PGP SIGNATURE-----
--84ND8YJRMFlzkrP4--