[BlueOnyx:09928] Re: Importing users that have DES passwords
Hi Ernie, > most linux defaults to DES, you have to edit /etc/login.defs variable > ENCRYPT_METHOD to get it to use MD5 or SHA for the shadow password file. EL5 uses MD5. EL6 uses SHA512 as a default. No, editing /etc/login.defs will not make that much of a difference by itself. Ultimately it is PAM that has the final say about the password formats and which login method is sufficient. Example from EL6: passwordsufficientpam_unix.so nullok use_authtok md5 shadow So although SHA512 is the default on EL6, for all relevant bits and pices we use the MD5 hashed passwords in /etc/shadow. > Are you saying that if I set ENCRYPT_METHOD to DES before I import the > users, that the scripts in the GUI won't be able to deal with it? Let me put it this way: One way or another you can probably get EL6 to correctly authenticate users with their old DES passwords. Most likely by modifying the relevant PAM config files. You can have multiple "sufficient" lines in your PAM config, so having an alternate line with DES in it instead of MD5 might just work. But when you create a new user in the GUI (or when an existing user uses the GUI to change his password), it will be stored in MD5 format. Because that's they way how the GUI will call the system tools to create users or how it sets or changes passwords. Likewise this is how CMU does it. It says: "Here, create user 'John Doe' with the following MD5 password." It would require some experimenting to see if it could be done and what the long term effects would be. -- With best regards Michael Stauber ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:09927] Re: Importing users that have DES passwords
On Mar 28, 2012, at 8:33 PM, Ernie wrote: > > Hi Michael, > most linux defaults to DES, you have to edit /etc/login.defs variable > ENCRYPT_METHOD to get it to use MD5 or SHA for the shadow password file. > > Are you saying that if I set ENCRYPT_METHOD to DES before I import the users, > that the scripts in the GUI won't be able to deal with it? > > > - Ernie. I don't know about _most_ ... But RHEL/Red Hat defaults to MD5 for quite some time... I've got CentOS 4, 5, and SL 6 boxes... MD5 - bone stock. ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:09926] Re: toggle problem on lang Japanese
Hi Michael ; 8 days have passed already from you issue "next 1-2 days". May I ask the currently stats ? EUC characters can't work on Centos6 ? Eiji Hamano > Eiji Hamano wrote: > > Hi > > Would you please let me know the status ? > > Eiji Hamano > > > > >>> Michael Stauber wrote: >>> >>> I think I found the problem. This will be fixed with a YUM update during >>> the >>> next 1-2 days. It's currently in testing. > ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:09925] Re: Importing users that have DES passwords
Hi Michael, most linux defaults to DES, you have to edit /etc/login.defs variable ENCRYPT_METHOD to get it to use MD5 or SHA for the shadow password file. Are you saying that if I set ENCRYPT_METHOD to DES before I import the users, that the scripts in the GUI won't be able to deal with it? - Ernie. > > Hi Ernie, > > > I have about 350 users that I want to import into a virtual site, that have > > come from an old FreeBSD server that was using DES56 passwords not MD5. Is > > there anyway of converting their passwords to MD5 or failing that can DES56 > > passwords be supported on a BX server? > > I think a conversion from DES56 to MD5 isn't possible. At least not in an > easy > fashion. I could be wrong on that, but I doubt it. > > DES56 shouldn't be used anymore these days, as it only allows for a maximum > password length of 8 characters. > > Switching BlueOnyx to DES56 is also not trivial. Even if DES56 is (still) > supported by the OS, too many bits and pices in the GUI dealing with user > management or CMU just assume MD5. So it would require a lot of changes and > would lover overall security and maintainability. > > It may be easier to create a tab delimited list of usernames and new random > passwords. Email the new passwords to the users prior to the migration with > enough advanced notice. Then on the day of the move, just run a script that > walks through your list and sets the pre-made random passwords for each user. > > -- > With best regards > > Michael Stauber > ___ > Blueonyx mailing list > Blueonyx@mail.blueonyx.it > http://mail.blueonyx.it/mailman/listinfo/blueonyx > -- "I Ping therefore I am." ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:09924] Re: Importing users that have DES passwords
Hi Ernie, > I have about 350 users that I want to import into a virtual site, that have > come from an old FreeBSD server that was using DES56 passwords not MD5. Is > there anyway of converting their passwords to MD5 or failing that can DES56 > passwords be supported on a BX server? I think a conversion from DES56 to MD5 isn't possible. At least not in an easy fashion. I could be wrong on that, but I doubt it. DES56 shouldn't be used anymore these days, as it only allows for a maximum password length of 8 characters. Switching BlueOnyx to DES56 is also not trivial. Even if DES56 is (still) supported by the OS, too many bits and pices in the GUI dealing with user management or CMU just assume MD5. So it would require a lot of changes and would lover overall security and maintainability. It may be easier to create a tab delimited list of usernames and new random passwords. Email the new passwords to the users prior to the migration with enough advanced notice. Then on the day of the move, just run a script that walks through your list and sets the pre-made random passwords for each user. -- With best regards Michael Stauber ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:09923] Re: Looking for paid support
On Tue, Mar 27, 2012 at 4:12 PM, Matt Darnell wrote: > Aloha, > > I am looking for consulting time to address the following issues: > > 1. Email issues > 2. Wordpress setup > 3. Trouble ticket system installation - http://www.otrs.com/en/ or similar > > Please email or call 1-808-356-0022 to discuss the issue and agree on > the amount of time needed. > > Aloha, > Matt Thank you for all the responses. I will email again if I need additional help. Aloha, Matt ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:09922] Re: Email Forwarding
- Original Message - From: "Bill Hicks" To: "BlueOnyx General Mailing List" Sent: Wednesday, March 28, 2012 10:37 AM Subject: [BlueOnyx:09921] Email Forwarding > Hi, > > In BO 5107 where can I find the email addresses that a users email is > getting forwarded to (what file)? I can not access it via the gui cause it > is broken so I have to use SSH and I am rebuilding the site on another > server. > > I found the email addresses that the server is receiving on and the users > they are assigned to in /etc/mail/virtusertable, just need the email > addresses that are being forwarded to. > > Bill Hicks > Bill cd ~theirusername cat .forward Ken Marcus Precision Web Hosting, Inc. http://www.precisionweb.net ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:09921] Email Forwarding
Hi, In BO 5107 where can I find the email addresses that a users email is getting forwarded to (what file)? I can not access it via the gui cause it is broken so I have to use SSH and I am rebuilding the site on another server. I found the email addresses that the server is receiving on and the users they are assigned to in /etc/mail/virtusertable, just need the email addresses that are being forwarded to. Bill Hicks ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:09920] Importing users that have DES passwords
I have about 350 users that I want to import into a virtual site, that have come from an old FreeBSD server that was using DES56 passwords not MD5. Is there anyway of converting their passwords to MD5 or failing that can DES56 passwords be supported on a BX server? The orignally came from a Slackware linux box, onto a FreeBSD server that had the libdescrypt.a installed so the passwords didn't have to be changed, but that box needs to be retired and so I thought it would be a good chance to move them across to BX. - Ernie. ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
