Re: [CentOS] How to enable SHA1 passwords after migration from OpenSUSE?
On Sat, Jun 28, 2008 at 1:55 AM, Tim Verhoeven <[EMAIL PROTECTED]> wrote: > First, are you running 5.2 or a older version ? If it is a older > version, first upgrade to 5.2. > > Then read > http://www.centos.org/docs/5/html/release-notes/as-amd64/RELEASE-NOTES-U2-x86_64-en.html#id2914967 > and the section about SHA passwords. As pointed out by Andreas the current passwords are Blowfish-encrypted, not SHA as I thought. Therefore the new SHA support in 5.2 won't help me at all. Looks like I'll have to recompile pam-unix2 from source :-( PaPa ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to enable SHA1 passwords after migration from OpenSUSE?
First, are you running 5.2 or a older version ? If it is a older version, first upgrade to 5.2. Then read http://www.centos.org/docs/5/html/release-notes/as-amd64/RELEASE-NOTES-U2-x86_64-en.html#id2914967 and the section about SHA passwords. Regards, Tim -- Tim Verhoeven - [EMAIL PROTECTED] - 0479 / 88 11 83 Hoping the problem magically goes away by ignoring it is the "microsoft approach to programming" and should never be allowed. (Linus Torvalds) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to enable SHA1 passwords after migration from OpenSUSE?
On Fri, Jun 27, 2008 at 2:03 PM, Papalagi Pakeha <[EMAIL PROTECTED]> wrote: > On Fri, Jun 27, 2008 at 12:11 PM, Andreas Pedersen > <[EMAIL PROTECTED]> wrote: >> On Thu, Jun 26, 2008 at 2:05 PM, Papalagi Pakeha >> <[EMAIL PROTECTED]> wrote: >>> Hi there! >>> >>> I have recently migrated my old server from OpenSUSE 10.0 to CentOS 5. >>> Almost everything works great, except for one thing - user passwords. >>> In the old system they were in a form: >>> >>> root:$2a$05$9V.P3/KV2fd0r/O8hs0gNueaidF35edj3DL6skb32qZJNpvwVHiUO:12183:0:9:7::: >>> >>> and that format doesn't seem to be understood by CentOS. When I change >>> the password I get something like: >>> >>> root:$1$Z0HGYkIb$fbkW0gR6c.k7rENE1NlzE0:14055:0:9:7::: >>> >>> Note the encrypted password begins with $2a$... in OpenSUSE while in >>> CentOS it starts with $1$... CentOS passwords (MD5?) are understood by >>> OpenSUSE but OpenSUSE passwords (SHA1?) are not understood by CentOS. > >> First: '$2a' is not SHA1 its Blowfish. >> >> I belive you need libxcrypt support, I'm not sure just google fast I >> hope this will help you. >> >> # OpenSUSE 10.2 box >> $ ldd /lib/security/pam_unix2.so > > I can't find pam_unix2 for CentOS. It's doesn't seem to be in any of > the repos I know of. Any hint as where to get hold of it? show all pam packages $ rpm -qa \*pam\* list files for pam $ rpm -ql pam I believe you need to rebuild pam modules (pam_unix2), see arch wiki. http://wiki.archlinux.org/index.php/Blowfish_passwords Quote: "You must download libxcrypt PKGBUILD and build it. That's because libcrypt from glibc only supports md5 and DES algorithms, which we don't want." > > PaPa > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to enable SHA1 passwords after migration from OpenSUSE?
On Fri, Jun 27, 2008 at 12:11 PM, Andreas Pedersen <[EMAIL PROTECTED]> wrote: > On Thu, Jun 26, 2008 at 2:05 PM, Papalagi Pakeha > <[EMAIL PROTECTED]> wrote: >> Hi there! >> >> I have recently migrated my old server from OpenSUSE 10.0 to CentOS 5. >> Almost everything works great, except for one thing - user passwords. >> In the old system they were in a form: >> >> root:$2a$05$9V.P3/KV2fd0r/O8hs0gNueaidF35edj3DL6skb32qZJNpvwVHiUO:12183:0:9:7::: >> >> and that format doesn't seem to be understood by CentOS. When I change >> the password I get something like: >> >> root:$1$Z0HGYkIb$fbkW0gR6c.k7rENE1NlzE0:14055:0:9:7::: >> >> Note the encrypted password begins with $2a$... in OpenSUSE while in >> CentOS it starts with $1$... CentOS passwords (MD5?) are understood by >> OpenSUSE but OpenSUSE passwords (SHA1?) are not understood by CentOS. > First: '$2a' is not SHA1 its Blowfish. > > I belive you need libxcrypt support, I'm not sure just google fast I > hope this will help you. > > # OpenSUSE 10.2 box > $ ldd /lib/security/pam_unix2.so I can't find pam_unix2 for CentOS. It's doesn't seem to be in any of the repos I know of. Any hint as where to get hold of it? PaPa ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to enable SHA1 passwords after migration from OpenSUSE?
On Thu, Jun 26, 2008 at 2:05 PM, Papalagi Pakeha <[EMAIL PROTECTED]> wrote: > Hi there! > > I have recently migrated my old server from OpenSUSE 10.0 to CentOS 5. > Almost everything works great, except for one thing - user passwords. > In the old system they were in a form: > > root:$2a$05$9V.P3/KV2fd0r/O8hs0gNueaidF35edj3DL6skb32qZJNpvwVHiUO:12183:0:9:7::: > > and that format doesn't seem to be understood by CentOS. When I change > the password I get something like: > > root:$1$Z0HGYkIb$fbkW0gR6c.k7rENE1NlzE0:14055:0:9:7::: > > Note the encrypted password begins with $2a$... in OpenSUSE while in > CentOS it starts with $1$... CentOS passwords (MD5?) are understood by > OpenSUSE but OpenSUSE passwords (SHA1?) are not understood by CentOS. > Is there any way around that? Perhaps get some PAM module from > OpenSUSE? Or just some setting somewhere? Having to reset passwords > for all my users would be a royal pain. > > Thanks! > > PaPa > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > First: '$2a' is not SHA1 its Blowfish. I belive you need libxcrypt support, I'm not sure just google fast I hope this will help you. # OpenSUSE 10.2 box $ ldd /lib/security/pam_unix2.so linux-gate.so.1 => (0xfbffe000) libpam.so.0 => /lib/libpam.so.0 (0xb7fd2000) libnsl.so.1 => /lib/libnsl.so.1 (0xb7fbb000) libdl.so.2 => /lib/libdl.so.2 (0xb7fb7000) libxcrypt.so.1 => /lib/libxcrypt.so.1 (0xb7f81000) # <--- libc.so.6 => /lib/libc.so.6 (0xb7e4e000) libaudit.so.0 => /lib/libaudit.so.0 (0xb7e3a000) /lib/ld-linux.so.2 (0x8000) http://wiki.linuxfromscratch.org/hints/browser/trunk/blowfish-passwords.txt http://osdir.com/ml/linux.lfs.hardened/2007-01/msg3.html ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] How to enable SHA1 passwords after migration from OpenSUSE?
Hi there! I have recently migrated my old server from OpenSUSE 10.0 to CentOS 5. Almost everything works great, except for one thing - user passwords. In the old system they were in a form: root:$2a$05$9V.P3/KV2fd0r/O8hs0gNueaidF35edj3DL6skb32qZJNpvwVHiUO:12183:0:9:7::: and that format doesn't seem to be understood by CentOS. When I change the password I get something like: root:$1$Z0HGYkIb$fbkW0gR6c.k7rENE1NlzE0:14055:0:9:7::: Note the encrypted password begins with $2a$... in OpenSUSE while in CentOS it starts with $1$... CentOS passwords (MD5?) are understood by OpenSUSE but OpenSUSE passwords (SHA1?) are not understood by CentOS. Is there any way around that? Perhaps get some PAM module from OpenSUSE? Or just some setting somewhere? Having to reset passwords for all my users would be a royal pain. Thanks! PaPa ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos