In r113596, version 4 of entries have been added but pwd_mkdb have

been generating both new (machine independent) and legacy version
entries (endianness sensitive).

The base system have been using the new format for quite some time,
so disable the generation by default.

An interim option, -l, have been added to re-enable old behavior.
The -l, -B and -L options are considered deprecated and will be
removed in FreeBSD 12.0 release.

usr.sbin/pwd_mkdb/pwd_mkdb.8

@@ -36,7 +36,7 @@
 .Nd "generate the password databases"
 .Sh SYNOPSIS
 .Nm
-.Op Fl BCiLNp
+.Op Fl BCilLNp
 .Op Fl d Ar directory
 .Op Fl s Ar cachesize
 .Op Fl u Ar username
@@ -61,14 +61,10 @@ different from the historic Version 7 style format.
 .Pp
 The options are as follows:
 .Bl -tag -width flag
-.It Fl B
-Store data in big-endian format.
 .It Fl C
 Check if the password file is in the correct format.
 Do not
 change, add, or remove any files.
-.It Fl L
-Store data in little-endian format.
 .It Fl N
 Tell
 .Nm
@@ -116,6 +112,34 @@ encrypted password and the insecure version has an asterisk (``*'')
 The databases are used by the C library password routines (see
 .Xr getpwent 3 ) .
 .Pp
+By default,
+the
+.Nm
+utility generates new,
+machine independent format
+.Pq v4
+entries only.
+For compatibility with
+.Fx 5.0
+and earlier releases,
+the
+.Fl l
+option may be specified,
+which enables generation of legacy format
+.Pq v3
+entries.
+The legacy format entries are endianness dependent.
+.Pp
+The following options may be specified and will affect the
+generation of legacy entries.
+.Pp
+.Bl -tag -width flag
+.It Fl B
+Store data in big-endian format.
+.It Fl L
+Store data in little-endian format.
+.El
+.Pp
 The
 .Nm
 utility exits zero on success, non-zero on failure.

usr.sbin/pwd_mkdb/pwd_mkdb.c

@@ -112,15 +112,15 @@ main(int argc, char *argv[])
 	char sbuf2[MAXPATHLEN];
 	char *username;
 	u_int method, methoduid;
-	int Cflag, dflag, iflag;
+	int Cflag, dflag, iflag, lflag;
 	int nblock = 0;
 
-	iflag = dflag = Cflag = 0;
+	iflag = dflag = Cflag = lflag = 0;
 	strcpy(prefix, _PATH_PWD);
 	makeold = 0;
 	username = NULL;
 	oldfp = NULL;
-	while ((ch = getopt(argc, argv, "BCLNd:ips:u:v")) != -1)
+	while ((ch = getopt(argc, argv, "BCLlNd:ips:u:v")) != -1)
 		switch(ch) {
 		case 'B':			/* big-endian output */
 			openinfo.lorder = BIG_ENDIAN;
@@ -128,6 +128,9 @@ main(int argc, char *argv[])
 		case 'C':                       /* verify only */
 			Cflag = 1;
 			break;
+		case 'l':			/* generate legacy entries */
+			lflag = 1;
+			break;
 		case 'L':			/* little-endian output */
 			openinfo.lorder = LITTLE_ENDIAN;
 			break;
@@ -465,6 +468,7 @@ main(int argc, char *argv[])
 					error("put");
 			}
 
+			if (lflag) {
 			/* Create insecure data. (legacy version) */
 			p = buf;
 			COMPACT(pwd.pw_name);
@@ -555,6 +559,7 @@ main(int argc, char *argv[])
 					error("put");
 			}
 		}
+		}
 		/* Create original format password file entry */
 		if (is_comment && makeold){	/* copy comments */
 			if (fprintf(oldfp, "%s\n", line) < 0)
@@ -583,6 +588,7 @@ main(int argc, char *argv[])
 			error("put");
 		if ((sdp->put)(sdp, &key, &data, method) == -1)
 			error("put");
+		if (lflag) {
 		tbuf[0] = LEGACY_VERSION(_PW_KEYYPENABLED);
 		key.size = 1;
 		if ((dp->put)(dp, &key, &data, method) == -1)
@@ -590,6 +596,7 @@ main(int argc, char *argv[])
 		if ((sdp->put)(sdp, &key, &data, method) == -1)
 			error("put");
 	}
+	}
 
 	if ((dp->close)(dp) == -1)
 		error("close");