Well, just so you know, and I'm no security buff, but the package
doesn't support md5 passwords during the installation (or something
like that).  But when I install the SECURITY package it replaces
programs such as 'su', 'login', 'passwd' and all such related files
with SECURE versions, which actually use 1024-bit encrypted passwords.
It even replaces in.telnetd so that the telnet connection itself is
encrypted.  But it needs to be able to read the existing passwords
to be able to update them to the new encrypted ones from what I can
gather.

But as I said, I'm not a security buff and I'm learning as I go and
just going by what people like you and others tell me.  Besides, I have
my reasons for doing such things like this and your concern is
appreciated, but not warranted.

Thanks.

Jamie

-----Original Message-----
From: Michael H. Warfield [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 4 November 1999 3:17
To: [EMAIL PROTECTED]
Subject: Re: MD5 Passwords


On Thu, Nov 04, 1999 at 02:01:35PM +1100, Jamie Carl wrote:
> During the installation of Red Hat Linux 6.0 I was asked if
> I wanted to use MD5 and/or Shadow passwords.
> I have recently found out that a security package I am
> trying to use doesn't like MD5 passwords.

> So my question is, how can I turn off MD5 passwords
> without re-installing Linux?

        Wrong question...

        Right question is how do you get the dain bramaged, so called,
pseudo, security package to support PAM like it should.  It may already,
and it's just not configured properly.  Where did you get it and did
it come in RPM form?

        Turning off MD5 hashes means that your passwords will be limited
to 8 characters or less and much easier to brute force (DES is easier
than md5).  Any "security" package that requires that you downgrade your
security is really an insecurity package.

        To answer your question, though...  There may be an easier way,
but you can edit all of the files in /etc/pam.d and remove the "md5"
parameter to any library lines in them.  Then you have to change all
your passwords (there is no conversion to or from md5 and DES hashes).
If your insecurity package doesn't support the shadow password file
(which, if it doesn't support md5, it probably doesn't support shadow)
you need to run the pwunconv utility to restore the password hashes to
the password file.

        BUT...

        You REALLY DON'T want to do this!

        Fix the busted package.  Don't compromise the security of your
system just to run this security package.  What an oxymoron!

> TIA

> Jamie

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!


-- 
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
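
An added example, not part of either message above: a read-only audit in Python that reports which accounts carry traditional DES crypt hashes rather than MD5 ones, and which `password` lines in a pam.d file lack the `md5` argument the reply talks about. The sample data, the function names and the module names `pam_unix.so` / `pam_pwdb.so` are assumptions made for illustration.

```python
import re

# Constructed sample data (not from the thread): an MD5-crypt entry, a DES-crypt
# entry, a locked account, and a pam.d file whose hashing module lacks "md5".
SAMPLE_SHADOW = """\
root:$1$saltsalt$Q3xJ0Zk9bT1mN5vPqLr8u.:10899:0:99999:7:::
jamie:abJnggxhB/yWI:10899:0:99999:7:::
daemon:*:10899:0:99999:7:::
"""
SAMPLE_PAM = """\
auth       required   /lib/security/pam_unix.so shadow nullok
password   required   /lib/security/pam_cracklib.so retry=3
password   required   /lib/security/pam_unix.so nullok use_authtok shadow
"""

# Traditional DES crypt(3): 2 salt characters + 11 hash characters, and only
# the first 8 characters of the password are used.
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")

def classify_hash(field):
    """Classify the password field of a passwd- or shadow-format entry."""
    if field == "x":
        return "shadowed"              # the hash lives in the shadow file
    if field.startswith(("!", "*")):
        return "locked"
    if field.startswith("$1$"):
        return "md5"
    if DES_RE.fullmatch(field):
        return "des"
    return "other"

def audit_accounts(text):
    """Return {user: kind} for every entry in passwd/shadow-format text."""
    result = {}
    for line in text.splitlines():
        if line.strip():
            user, field = line.split(":")[:2]
            result[user] = classify_hash(field)
    return result

def pam_lines_missing_md5(text, modules=("pam_unix.so", "pam_pwdb.so")):
    """Return 'password' lines for a hashing module that lack the md5 argument."""
    missing = []
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()
        mods = [i for i, t in enumerate(tokens) if t.rsplit("/", 1)[-1] in modules]
        if tokens[:1] == ["password"] and mods and "md5" not in tokens[mods[0] + 1:]:
            missing.append(line.strip())
    return missing
```

On a real system the inputs would be the contents of /etc/shadow (or /etc/passwd after pwunconv) and each file in /etc/pam.d; any account reported as `des` needs its password changed once `md5` is back in place, since there is no conversion between the two hash types.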

