* libmisc/salt.c: Make sure method is not NULL, defaulting to DES.

Thanks to Dan Kopecek <dkopecek@redhat.com>.
* src/chpasswd.c, src/chgpasswd.c: Do not use DES by default, but
  the system default define in /Etc/login.defs. Thanks to Dan
  Kopecek <dkopecek@redhat.com>.
* NEWS, man/chpasswd.8.xml, man/chgpasswd.8.xml: Do not mention
  DES as the default algorithm.
* src/chpasswd.c, src/chgpasswd.c: Tag the ENCRYPTMETHOD_SELECT
  dependent code accordingly.

ChangeLog

@@ -2,7 +2,13 @@
 
 	* libmisc/salt.c: Make sure method is not NULL, defaulting to DES.
 	Thanks to Dan Kopecek <dkopecek@redhat.com>.
-
+	* src/chpasswd.c, src/chgpasswd.c: Do not use DES by default, but
+	the system default define in /Etc/login.defs. Thanks to Dan
+	Kopecek <dkopecek@redhat.com>.
+	* NEWS, man/chpasswd.8.xml, man/chgpasswd.8.xml: Do not mention
+	DES as the default algorithm.
+	* src/chpasswd.c, src/chgpasswd.c: Tag the ENCRYPTMETHOD_SELECT
+	dependent code accordingly.
 
 2007-11-23  Nicolas François  <nicolas.francois@centraliens.net>
 

NEWS

@@ -55,6 +55,8 @@ shadow-4.0.18.1 -> shadow-4.0.18.2					UNRELEASED
   passwords.
 - chpaswd, chgpasswd, newusers: New options -c/--crypt-method and
   -s/--sha-rounds to supersede the system default encryption algorithm.
+- chpaswd, chgpasswd, newusers: DES is no more the default algorithm. They
+  will respect the system default configured in /etc/login.defs
 
 *** documentation:
 - Generate the translated manpages from PO at build time.

man/chgpasswd.8.xml

@@ -32,8 +32,8 @@
       remap='I'>password</emphasis>
     </para>
     <para>
-      By default the supplied password must be in clear-text. Default
-      encryption algorithm is DES.
+      By default the supplied password must be in clear-text, and is
+      encrypted by <command>chgpasswd</command>.
     </para>
     <para>
       The default encryption algorithm can be defined for the system with

man/chpasswd.8.xml

@@ -32,9 +32,9 @@
       remap='I'>password</emphasis>
     </para>
     <para>
-      By default the supplied password must be in clear-text. Default
-      encryption algorithm is DES. Also the password age will be updated, if
-      present.
+      By default the supplied password must be in clear-text, and is
+      encrypted by <command>chpasswd</command>.
+      Also the password age will be updated, if present.
     </para>
     <para>
       The default encryption algorithm can be defined for the system with

src/chgpasswd.c

@@ -76,8 +76,7 @@ static void usage (void)
 			   "  -c, --crypt-method	the crypt method (one of %s)\n"
 			   "  -e, --encrypted	supplied passwords are encrypted\n"
 			   "  -h, --help		display this help message and exit\n"
-			   "  -m, --md5		use MD5 encryption instead of DES when the supplied\n"
-			   "			passwords are not encrypted\n"
+			   "  -m, --md5		encrypt the clear text password using the MD5 algorithm\n"
 			   "%s"
 			   "\n"),
 			 Prog,
@@ -128,12 +127,20 @@ int main (int argc, char **argv)
 			{"encrypted", no_argument, NULL, 'e'},
 			{"help", no_argument, NULL, 'h'},
 			{"md5", no_argument, NULL, 'm'},
+#ifdef ENCRYPTMETHOD_SELECT
 			{"sha-rounds", required_argument, NULL, 's'},
+#endif
 			{NULL, 0, NULL, '\0'}
 		};
 
 		while ((c =
-			getopt_long (argc, argv, "c:ehms:", long_options,
+			getopt_long (argc, argv,
+#ifdef ENCRYPTMETHOD_SELECT
+			             "c:ehms:",
+#else
+			             "c:ehm",
+#endif
+			             long_options,
 				     &option_index)) != -1) {
 			switch (c) {
 			case 'c':
@@ -149,6 +156,7 @@ int main (int argc, char **argv)
 			case 'm':
 				md5flg = 1;
 				break;
+#ifdef ENCRYPTMETHOD_SELECT
 			case 's':
 				sflg = 1;
 				if (!getlong(optarg, &sha_rounds)) {
@@ -158,6 +166,7 @@ int main (int argc, char **argv)
 					usage ();
 				}
 				break;
+#endif
 			case 0:
 				/* long option */
 				break;
@@ -312,7 +321,7 @@ int main (int argc, char **argv)
 				if (sflg)
 					arg = &sha_rounds;
 			} else
-				crypt_method = "DES";
+				crypt_method = NULL;
 			cp = pw_encrypt (newpwd,
 			                 crypt_make_salt(crypt_method, arg));
 		}

src/chpasswd.c

@@ -73,8 +73,7 @@ static void usage (void)
 			   "  -c, --crypt-method	the crypt method (one of %s)\n"
 			   "  -e, --encrypted	supplied passwords are encrypted\n"
 			   "  -h, --help		display this help message and exit\n"
-			   "  -m, --md5		use MD5 encryption instead of DES when the supplied\n"
-			   "			passwords are not encrypted\n"
+			   "  -m, --md5		encrypt the clear text password using the MD5 algorithm\n"
 			   "%s"
 			   "\n"),
 			 Prog,
@@ -124,12 +123,20 @@ int main (int argc, char **argv)
 			{"encrypted", no_argument, NULL, 'e'},
 			{"help", no_argument, NULL, 'h'},
 			{"md5", no_argument, NULL, 'm'},
+#ifdef ENCRYPTMETHOD_SELECT
 			{"sha-rounds", required_argument, NULL, 's'},
+#endif
 			{NULL, 0, NULL, '\0'}
 		};
 
 		while ((c =
-			getopt_long (argc, argv, "c:ehms:", long_options,
+			getopt_long (argc, argv,
+#ifdef ENCRYPTMETHOD_SELECT
+			             "c:ehms:",
+#else
+			             "c:ehm",
+#endif
+			             long_options,
 				     &option_index)) != -1) {
 			switch (c) {
 			case 'c':
@@ -145,6 +152,7 @@ int main (int argc, char **argv)
 			case 'm':
 				md5flg = 1;
 				break;
+#ifdef ENCRYPTMETHOD_SELECT
 			case 's':
 				sflg = 1;
 				if (!getlong(optarg, &sha_rounds)) {
@@ -154,6 +162,7 @@ int main (int argc, char **argv)
 					usage ();
 				}
 				break;
+#endif
 			case 0:
 				/* long option */
 				break;
@@ -310,7 +319,7 @@ int main (int argc, char **argv)
 				if (sflg)
 					arg = &sha_rounds;
 			} else
-				crypt_method = "DES";
+				crypt_method = NULL;
 			cp = pw_encrypt (newpwd,
 			                 crypt_make_salt(crypt_method, arg));
 		}