Encrypted Password Portability Between releases

[Lowell Gilbert]

James Moser <james at ytjameslee.com> writes:

> Hey everyone...  cryptography is not really my strong point and I'm
> trying to do something I thought should have been fairly easy.  We
> have a number of machines running various versions of FreeBSD from
> 4.7-RELEASE to 4.8-STABLE.  Our password files for our users are
> generated through passwords which are currently being stored in plain
> text. I wish to encrypt these on a central server and store them in
> the database for better security, however I'm running into some
> problems.  It appears to work on some systems and some systems it does
> not.  I have tried DES and MD5 encryption.
> 
> Most of these systems have been upgraded from much earlier releases of
> the 4 branch, and the passwords of users not generated from the
> database seem to have been find after each upgrade.  So my question
> is, what am I doing wrong?  Is there a way to encrypt a password on
> one system and have it work on all FreeBSD machines no matter what
> release its running? If I encrypt on a 4.7 box will it work on a 4.8
> system, just not the other way around?
> 
> Thanks for any help of information you can provide.

The password formats should be the same on any version of FreeBSD
whatsoever, assuming they are supported at all.  However, FreeBSD does
not keep passwords in plain text on any version, so I'm not really
clear on what you were doing in the first place.

What you want to do should definitely be possible.  [It doesn't sound
like a great security idea, for roughly the same reasons that NIS
isn't appropriate for hostile environments, but that's another issue.]