On Thu, Nov 04, 1999 at 02:01:35PM +1100, Jamie Carl wrote:
> During the installation of Redhat Linux 6.0 I was asked if
> I wanted to use MD5 and/or Shadow passwords.
> I have recently found out that a security package I am 
> trying to use doesn't like MD5 passwords.

> So my question is, how can I turn off MD5 passwords
> without re-installing Linux?

        Wrong question...

        Right question is how do you get the dain bramaged, so called,
pseudo, security package to support PAM like it should.  It may already,
and it's just not configured properly.  Where did you get it and did
it come in RPM form?

        Turning off MD5 hashes means that your passwords will be limited
to 8 characters or less and much easier to brute force (DES is easier than
md5).  Any "security" package that requires that you downgrade your
security is really an insecurity package.

        To answer your question, though...  There may be an easier way, but
you can edit all of the files in /etc/pam.d and remove the "md5" parameter
to any library lines in them.  Then you have to change all your passwords
(there is no conversion to or from md5 and DES hashes).  If your insecurity
package doesn't support the shadow password file (which, if it doesn't
support md5, it probably doesn't support shadow) you need to run the pwunconv
utility to restore the password hashes to the password file.

        BUT...

        You REALLY DON'T want to do this!

        Fix the busted package.  Don't compromise the security of your system
just to run this security package.  What an oxymoron!

> TIA

> Jamie

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
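
Added example, not part of the original message: because existing hashes are not converted when the "md5" parameter changes, this Python check reports which scheme each account's stored hash uses and which PAM `password` lines lack `md5`. The module names `pam_pwdb.so` and `pam_unix.so`, the single-keyword control field and all sample data are assumptions constructed for illustration.

```python
import re

B64 = r"[./0-9A-Za-z]"
MD5_CRYPT = re.compile(rf"^\$1\${B64}{{1,8}}\${B64}{{22}}$")  # $1$salt$hash
DES_CRYPT = re.compile(rf"^{B64}{{13}}$")                     # 2 salt + 11 hash chars

def classify_hash(field):
    """Name the scheme of one passwd/shadow password field."""
    if field in ("", "x"):
        return "none"        # empty, or 'x' meaning the hash is in /etc/shadow
    if field[0] in "*!":
        return "locked"
    if MD5_CRYPT.match(field):
        return "md5"
    return "des" if DES_CRYPT.match(field) else "other"

def audit_accounts(text):
    """Map user -> scheme for passwd- or shadow-format lines."""
    return {p[0]: classify_hash(p[1])
            for p in (l.split(":") for l in text.splitlines())
            if len(p) >= 2 and not p[0].startswith("#")}

def pam_lines_missing_md5(text):
    """(line_no, module) for 'password' entries lacking the md5 option."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        tokens = line.split("#", 1)[0].split()
        if len(tokens) < 3 or tokens[0] != "password":
            continue
        module = tokens[2].rsplit("/", 1)[-1]
        if module in ("pam_pwdb.so", "pam_unix.so") and "md5" not in tokens[3:]:
            hits.append((no, module))
    return hits

# Constructed sample data; the hashes are made-up strings of the right shape.
SAMPLE_SHADOW = """\
root:$1$abcdefgh$0123456789abcdefghijk.:10900:0:99999:7:::
jamie:ab01FAX.bQRSU:10900:0:99999:7:::
daemon:*:10900:0:99999:7:::
"""
SAMPLE_PAM = """\
#%PAM-1.0
auth       required   /lib/security/pam_pwdb.so shadow nullok
password   required   /lib/security/pam_cracklib.so
password   required   /lib/security/pam_pwdb.so use_authtok nullok shadow
"""

if __name__ == "__main__":
    print(audit_accounts(SAMPLE_SHADOW))
    print(pam_lines_missing_md5(SAMPLE_PAM))
```

Accounts reported as `des` hold the 8-character-limited hashes the message warns about and keep them until the password is next changed.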

