27 Commits

Author SHA1 Message Date
Mark Murray
82e377fd12 Updates for Blowfish password hashing. 2001-03-11 16:37:33 +00:00
Brian Feldman
0debe874a0 Fix a premature freeing bug found with malloc debugging courtesy John Hay.
Submitted by:	jhay
2000-08-26 03:42:51 +00:00
Brian Feldman
04c9749ff0 Add working and easy crypt(3)-switching. Yes, we need a whole new API
for crypt(3) by now.  In any case:

Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).

The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)

Reviewed by:	peter
2000-08-22 02:15:54 +00:00
Nik Clayton
b5edd6da96 Teach passwd about a new "mixpasswordcase" login.conf parameter. If this
parameter is missing, or specified as above, then passwd behaves as normal
when the user enters an all lower case password -- i.e., it prompts them
to use mixed case, and will only grudgingly accept an all lower case
password.

If you negate this entry in login.conf, with "mixpasswordcase@", then
passwd will allow all lower case passwords without complaining.

Approved by:  jkh
2000-02-11 14:08:44 +00:00
Peter Wemm
c3aac50f28 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
Mark Murray
7deb53036d Back out the new crypt(3) stuff untill we can go through an independant
"make world" to make sure everything works properly.
1999-01-23 08:36:38 +00:00
Brandon Gillespie
669892b239 Added support for multiple hash formats, and new salt generation code.
It selects which hash format to use by checking /etc/auth.conf for
auth_default.  Leaving auth_default disabled will give the current
behaviour (use the same format as is currently used in the password,
or if a new password default to what crypt likes best--des if it exists).
Now you can set it to one of: des, best, md5 or sha1.  best is a synonym
for sha1, currently.
1999-01-22 15:33:54 +00:00
Joseph Koshy
49ca483aa1 Use the correct name of the login.conf(5) capability (`passwordperiod' ->
`passwordtime').
1998-05-19 03:48:07 +00:00
Andrey A. Chernov
9b0c02c058 Prevent passwd locking database forever waiting for user input
Submitted by: Antti Kaipila <anttik@iki.fi>
1998-03-07 21:42:07 +00:00
Andrey A. Chernov
687ee69a2a Remove srandomdev fallback code 1997-06-14 00:27:03 +00:00
David Nugent
c0809022e4 login_getclass() -> login_getpwclass() 1997-05-10 19:02:38 +00:00
Andrey A. Chernov
c49659eaa6 Initialize RNG only once
Use srandomdev() now
1997-03-24 16:10:26 +00:00
Andrey A. Chernov
28c4ca5ce6 Fix srandom arg type according to Lite2 1997-03-11 14:06:52 +00:00
Andrey A. Chernov
a1b460b73e Add ^ getpid() for better srandom results 1997-03-10 07:46:03 +00:00
Peter Wemm
c115df18cd Revert $FreeBSD$ to $Id$ 1997-02-22 19:58:13 +00:00
David Nugent
720cdec3f6 Adds login class support for local & nis passwords:
- minpasswordlen=n         override minimum password length for class.
    - passwordperiod=n[smhdwy] auto-set next password change date.
1997-02-10 15:42:12 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Jordan K. Hubbard
2b5209acaa I haven't had a single contraversial commit all week, so what the
heck.  Watch through our hidden camera, ladies and gentlemen,
as this one-line addition to the syslog output generates hundreds
of thousands of lines of email in response, all from people
decrying the evils of electronic noise pollution! :-)

What this change does, simply speaking, is syslog it every time
someone changes their local password.  I need this at a local ISP to
tell whether people are reacting to expires in a timely fashion or
not.  To disable it, uncomment -DLOGGING in the Makefile.

If your users change their passwords so often as to fill your logfile,
then you may also have another administrative problem to deal with.
1996-11-03 03:11:57 +00:00
Guido van Rooij
79a1b8d9e2 Implement incremental passwd database updates. This is done by ading a '-u'
option to pwd_mkdb and adding this option to utilities invoking it.
Further, the filling of both the secure and insecure databases has been
merged into one loop giving also a performance improvemnet.
Note that I did *not* change the adduser command. I don't read perl
(it is a write only language anyway).
The change will drastically improve performance for passwd and
friends with large passwd files. Vipw's performance won't change.
In order to do that some kind of diff should be made between the
old and new master.passwd and depending the amount of changes, an
incremental or complete update of the databases should be agreed
upon.
1996-07-01 19:38:50 +00:00
Mark Murray
e075ffc9a7 1) Fix local_passwd to co-operate with dual-personality crypt(3).
Changing a local passwd will now keep the encryption type that
   was originally used to encrypt the password, so folks adding DES
   to their systems will not be irritated/confused by having MD5'ed
   passwords in their master.passwd. Coming later is an option to
   allow the user to choose the encryption type.

2) Fix a bunch of compiler warnings announced by turning on -Wall.
   I did not get them all, that will come a bit later.
1995-12-16 09:45:17 +00:00
Peter Wemm
34321f66e1 Fix a cosmetic null termination problem for completeness.
The #ifdef NEWSALT code doesn't NULL terminate the salt string..
We dont appear to use this code anymore, but it shouldn't hurt

Submitted by: Laurence Lopez <lopez@mv.mv.com>
1995-12-11 14:00:48 +00:00
Bill Paul
b62f3dc428 Bug fix: use the use_yp() function in the chpass(1) code to determine
correctly whether a user is local or NIS (or both, or neither). If you
have a user that exists locally but not in NIS, passwd(1) could get
confused and try to submit the password change to NIS. (Fortunately,
yppasswdd is smart enough to spot the error and reject the change.)

Bug reported by: Charles Owens <owensc@enc.edu>
1995-09-02 04:02:28 +00:00
Bill Paul
a3ce11a24d Remove the ypchfn/ypchsh stuff from passwd and leave just the
yppasswd support. The rest is moving into chpass.
1995-08-13 16:07:36 +00:00
Bill Paul
14eb79c475 Argh!! Got the arguments in the printf() backwards. 1995-06-24 18:12:17 +00:00
Bill Paul
1724847d45 Whoops: getnewpasswd() always says "Changing local password for foo".
Change things slightly so this message says "local" or "YP" as needed
so we can use it for both NIS and local password changes without
confusing people.
1995-06-24 18:08:25 +00:00
Poul-Henning Kamp
3dfc7586e5 Always make the salt a 8 char string (incl '\0') for algorithms that can use it 1994-11-06 21:08:19 +00:00
Rodney W. Grimes
9b50d90275 BSD 4.4 Lite Usr.bin Sources 1994-05-27 12:33:43 +00:00