Re: crypt() MD5 etc.. (was something else.

["Joseph S. D. Yao" <jsdy cais cais com>]

> 3. The module permits all algorithms, but uses a specified one by
> default for new passwords (the salt string for crypt() is generated
> differently depending which algorithm should be used).  Change the
> default, and force all users whose passwords are encrypted using
> the old algorithm to change their passwords (you would have to do it
> anyway - by disallowing the use of this algorithm, you effectively
> lock their accounts until they are assigned new passwords).

One major Un*x system manufacturer allowed the administrator to force
password changes as described above, OR to allow users to wait until
their passwords expired, and then install the new versions as they
changed their passwords.  This assumed, of course, that password aging
was a prerequisite for this change (it was).  It also required all
'login'-type programs to know about at least two ways of interpreting a
password, and to know which one to try.

Not to needlessly add complexity ...

Joe Yao				jsdy@cais.com - Joseph S. D. Yao