Re: Re: Encrypting pg_shadow passwords

Bruce Momjian <pgman@candle.pha.pa.us> writes:

> > Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > 
> > > > > > For the same reason I don't see any value in the idea of adding
> > > > > > crypt-based double encryption to clients.  We don't really want to
> > > > > > support that over the long run, so why put effort into it?
> > > > > 
> > > > > The only reason to add double-crypt is so we can continue to use
> > > > > /etc/passwd entries on systems that use crypt() in /etc/passwd.
> > > > 
> > > > Haven't many systems (at least Linux and FreeBSD) switched from this
> > > > to other algorithms as default, like MD5? (and usually found in /etc/shadow)
> > > 
> > > Yes, most BSD's are MD5.  I wasn't sure about Linux. 
> > 
> > Most recent (3-4 years and newer) use PAM, which can use MD5 as an
> > underlying module.
> 
> But what is the default?  crypt or md5?

Varies. In Red Hat Linux, it's been user configurable during install
for a couple of years now - it's been default to on for most of that
time, AFAIR.
-- 
Trond Eivind Glomsrød
Red Hat, Inc.