>>>>> "Thorsten" == Thorsten Kukuk <kukuk@suse.de> writes:
Thorsten> On Sun, Jun 09, Sam Hartman wrote:
>> Debian has received the following request for the OpenBSD
>> bfcrypt support for password hashes.
>>
>> I'm mostly of the opinion that Debian should support this
>> exactly when upstream does; having different password hashes be
>> valid on different Linux distributions will confuse users.
Thorsten> Waiting for every distribution will not work and never
Thorsten> did in the past, or we would still wait for md5 hashes
Thorsten> today (what in same cases would be better).
No, I'm not proposing for waiting for every distribution. I'm
proposing that for most features it is better to wait for the PAM
upstream to support the feature than to introduce
distribution-specific forks. Particularly in the case of PAM I think
this is justified in significant part because PAM has traditionally
been very inconsistent between distributions and I'd hate to make that
worse.
There will naturally be a delay between the time the patch makes it
into an upstream PAM release and the time all distributions support
it.
Thorsten> If you compile pam_unix2 with libxcrypt installed
Thorsten> before, you have a pam module with blowfish support (it
Thorsten> is already in use on SuSE Linux 8.0). You can find the
Thorsten> current sources at:
If the Linux-PAM release ever adopts pam_unix2 as a replacement for pam_unix, I'll do just that;-)
Fortunately Debian is in a position that would make it easy for
someone to add pam_unix2 as an alternate module. So far none of our
developers has chosen to do that.
