Re: Changing to MD5 shadow passwords?
- Original Message - From: Ethan Benson [EMAIL PROTECTED] To: debian-user@lists.debian.org Sent: Monday, March 19, 2001 5:50 PM Subject: Re: Changing to MD5 shadow passwords? md5 hashes should work regardless of what hash passwd will create. however some time ago it was discovered that pam created bogus md5 hashes due to an endianess bug, backward compatability was retained for awhile but it might be gone now. How would I upgrade if I had a broken pam? Could anyone point me to some docs on this. I really don't want to have to try and upgrade to RH7 -- debian is much smoother in upgrading. And RH7 would probably break under the bogus md5's anyway right? also you can't just drop redhat passwd files onto debian, you will break your system. you can only take the ordinary user accounts from redhat and add them to the debian passwd files. that is uids above 500 from redhat are ok, any uid below 500 is not. How badly would it break? Could I fix it easier than having to rebuild hundreds of users and get them to reset all their passwords.
Re: Changing to MD5 shadow passwords?
On Tue, Mar 20, 2001 at 05:00:39PM -0600, Kevin Long wrote: - Original Message - From: Ethan Benson [EMAIL PROTECTED] To: debian-user@lists.debian.org Sent: Monday, March 19, 2001 5:50 PM Subject: Re: Changing to MD5 shadow passwords? md5 hashes should work regardless of what hash passwd will create. however some time ago it was discovered that pam created bogus md5 hashes due to an endianess bug, backward compatability was retained for awhile but it might be gone now. How would I upgrade if I had a broken pam? Could anyone point me to some docs on this. I really don't want to have to try and upgrade to RH7 -- debian is much smoother in upgrading. And RH7 would probably break under the bogus md5's anyway right? probably. check the pam mailing list archives, they compatility might still be in pam_pwdb (which sucks donkey balls) but i doubt its in pam_unix since it just uses standard libc calls. also you can't just drop redhat passwd files onto debian, you will break your system. you can only take the ordinary user accounts from redhat and add them to the debian passwd files. that is uids above 500 from redhat are ok, any uid below 500 is not. How badly would it break? Could I fix it easier than having to rebuild hundreds of users and get them to reset all their passwords. all you need to do is delete all the redhat system accounts, that is every user and group with a uid and gid below 500. then add the remaining users to your debian stock password files. it doesn't matter that your users have uids of 500, its system accounts like bin daemon sys and such that are different on debian and redhat. replacing debian system accounts wtih redhat system accounts will ruin your system. though i prefer to get uids reallocated starting at 1000 where they belong. i just used an awk script to add the user accounts to debian and reset gecos and password feilds. easy and pie. -- Ethan Benson http://www.alaska.net/~erbenson/ pgpQJVsP6yx0w.pgp Description: PGP signature
Changing to MD5 shadow passwords?
I would like to convert all of my Debian 2.0 and 2.2 systems to MD5 shadow passwords. If I understand the docs correctly all that needs doing is to add md5 to the apropriate lines in /etc/pam.d/passwd and /etc/pam.d/login. Is this correct? rob Live the dream.
Re: Changing to MD5 shadow passwords?
On Mon, Mar 19, 2001 at 10:04:20AM -0500, R. Ransbottom wrote: I would like to convert all of my Debian 2.0 and 2.2 systems to MD5 shadow passwords. If I understand the docs correctly all that needs doing is to add md5 to the apropriate lines in /etc/pam.d/passwd and /etc/pam.d/login. Is this correct? yes, check all the files in /etc/pam.d for `password' lines, add md5 to all password lines with pam_unix.so as the module. note that passwords are only converted to md5 after the user changes thier password. -- Ethan Benson http://www.alaska.net/~erbenson/ pgp2DQgbXWWK0.pgp Description: PGP signature
