Hi,
Hi, having installed my first SUSE system [BTW 6.3] (and against my will), I am finding it much better than I expected of a "user-friendly" installation.
:)
When browsing the new system I found something that I thought I would never find in a modern Linux setup: the passwords were using only the first 8 characters of a password, that is, using DES. Why doesn't it use MD5 crypt?
This topic was discussed several times before, so please check the archives before posting to this list.
I may be wrong, and I hope this isn't the default. If it is, then I consider it a bug.
NO! It isn't a bug. It's a bug to use MD5 as default, because DES is standard in the unix environment and not all apps understand MD5.
My question then is: how to install a better crypt or how to set up a better crypt.
look at Thorsten's PAM docu...

MD5 passwords on SuSE Linux
===========================

SuSE Linux is able to handle MD5 passwords. With MD5 encryption,
passwords can be longer than 8 characters (up to 128 characters).
Since MD5 encryption is not compatible with the standard Unix crypt()
function, most commercial Unices and some programs don't work with
MD5 passwords. So be careful, if you enable this feature.

How to enable MD5 passwords:
----------------------------

You need to add the option "md5" to the "password" rules in the PAM
config files. You can find the config files in /etc/pam.d.

For example, you need to change the following lines in
/etc/pam.d/passwd:

    password required /lib/security/pam_pwcheck.so \
                      nullok
    password required /lib/security/pam_unix.so \
                      nullok use_first_pass use_authtok

to:

    password required /lib/security/pam_pwcheck.so \
                      nullok md5
    password required /lib/security/pam_unix.so \
                      nullok md5 use_first_pass use_authtok

This is necessary for every program which is able to change the
user's password. At the moment these are at least: /etc/pam.d/login,
/etc/pam.d/passwd, /etc/pam.d/sshd and /etc/pam.d/rlogin.

Some sample PAM config files with enabled md5 encryption can be found
in the directory /usr/doc/packages/pam/md5.config/

If you use NIS, you need to replace /usr/bin/yppasswd with a link to
/usr/bin/passwd:

    # cd /usr/bin
    # mv yppasswd yppasswd.old
    # ln -sf passwd yppasswd

The password will be converted into an MD5 one after the next
password change.

Bye,
 Thomas
-- 
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas@suse.de   Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
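
Added example, not part of the original mail or of the SuSE documentation it quotes: because the "md5" option has to be present in every PAM service file that can change a password, this Python check reports services whose "password" rules for pam_pwcheck.so or pam_unix.so still lack it. The file contents in SAMPLE are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample input: one service file already updated, one not.
SAMPLE = {
    "passwd": (
        "auth     required /lib/security/pam_unix.so nullok\n"
        "password required /lib/security/pam_pwcheck.so \\\n"
        "                  nullok md5\n"
        "password required /lib/security/pam_unix.so \\\n"
        "                  nullok md5 use_first_pass use_authtok\n"
    ),
    "login": (
        "# constructed example, md5 not yet added\n"
        "password required /lib/security/pam_pwcheck.so \\\n"
        "                  nullok\n"
        "password required /lib/security/pam_unix.so \\\n"
        "                  nullok use_first_pass use_authtok\n"
    ),
}

MODULES = ("pam_pwcheck.so", "pam_unix.so")

def logical_lines(text):
    """Join backslash-continued lines and drop comments and blanks."""
    joined = re.sub(r"\\\n", " ", text)
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def password_rules_missing_md5(text):
    """Return modules whose 'password' rule lacks the md5 option.

    Assumes the simple 'type control module options' form shown above."""
    missing = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 3 or fields[0] != "password":
            continue
        module = fields[2].rsplit("/", 1)[-1]
        if module in MODULES and "md5" not in fields[3:]:
            missing.append(module)
    return missing

def audit(files):
    """Map service name -> modules whose password rule lacks md5."""
    found = {name: password_rules_missing_md5(text) for name, text in files.items()}
    return {name: mods for name, mods in found.items() if mods}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To run it against a real system, build the dictionary from the files in /etc/pam.d instead of SAMPLE.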