summaryrefslogtreecommitdiffstats
path: root/etc/auth.conf
Commit message (Collapse)AuthorAgeFilesLines
* Finally nuke auth.conf, nine years after it was deprecated. The onlydes2012-06-121-8/+0
| | | | | | | | | | | | | | | | | | thing it was still used for was to set the "global default" password hash. Since the stock auth.conf contained nothing but comments, the global default was actually the first algorithm in crypt(3)'s list, which happens to be DES; I take the fact that nobody noticed as proof that it was not used outside of crypt(3). The only other use in our tree was in the Kerberos support code in in tinyware's passwd(1). I removed that code in an earlier commit; it would not have compiled anyway, as it only supported Kerberos IV. The auth_getval() function is now a stub that always returns NULL, which has the same effect as a functional auth_getval() with an empty auth.conf. MFC after: 3 weeks
* auth.conf seems to be being gradually subsumed by user classesrwatson2003-07-281-5/+3
| | | | | | | | | and PAM configuration. Remove the line concerning "auth_list" from the template, since it's referenced only in the tinyware password command, and only #ifdef KERBEROS, which isn't defined in tinyware. Add a comment about auth.conf being on the way out the door. The one remaining consumer of auth.conf is crypt(3).
* Merge into a single US-exportable libcrypt, which only providespeter2000-12-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | one-way hash functions for authentication purposes. There is no more "set the libcrypt->libXXXcrypt" nightmare. - Undo the libmd.so hack, use -D to hide the md5c.c internals. - Remove the symlink hacks in release/Makefile - the algorthm is set by set_crypt_format() as before. If this is not called, it tries to heuristically figure out the hash format, and if all else fails, it uses the optional auth.conf entry to chose the overall default hash. - Since source has non-hidden crypto in it there may be some issues with having the source it in some countries, so preserve the "secure/*" division. You can still build a des-free libcrypt library if you want to badly enough. This should not be a problem in the US or exporting from the US as freebsd.org had notified BXA some time ago. That makes this stuff re-exportable by anyone. - For consistancy, the default in absence of any other clues is md5. This is to try and minimize POLA across buildworld where folk may suddenly be activating des-crypt()-hash support. Since the des hash may not always be present, it seemed sensible to make the stronger md5 algorithm the default. All things being equal, no functionality is lost. Reviewed-by: jkh (flame-proof suit on)
* $Id$ -> $FreeBSD$peter1999-08-271-1/+1
|
* More libcrypt backout.markm1999-01-241-8/+2
|
* Added comment about how auth_default is used by passwd.brandon1999-01-221-2/+8
|
* Add auth.conf. JKH Added the code to understand this to libutil, andmarkm1998-10-081-0/+10
I will be following up with commits to use it in KerberosIV userland.
OpenPOWER on IntegriCloud