[Bug 1112999] New: User Password Not getting Stored in MD5 Hash
http://bugzilla.opensuse.org/show_bug.cgi?id=1112999

Bug ID: 1112999
Summary: User Password Not getting Stored in MD5 Hash
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.0
Hardware: i386
OS: All
Status: NEW
Severity: Major
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: cp@smart.org.in
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Created attachment 786940 --> http://bugzilla.opensuse.org/attachment.cgi?id=786940&action=edit
This document contains the screen grabs of the issue we have observed.

Hi,

We were trying to implement a directory service for the desktop login. We have openSUSE Leap 15 implemented. We have installed and configured the 389-DS server. There are several issues we encountered; one of the biggest was creating users through YaST and setting the password for the users.

By default, for users created in 389-ds the password is encrypted in SHA256, which is not supported by default by clients (openSUSE Desktop Login). By default the openSUSE client (Desktop login) uses an md5 hash. Until and unless the passwords are stored in MD5, the users are not able to authenticate. We had to use a third-party tool, LDAPADMIN, to reset the password in md5 to make the client login work.

We also tried setting the encryption in user management to md5; the passwords were still stored in SHA256.

You are requested to refer to the docx file we have attached to see our observations.

Please let us know how we can:

1> Change the encryption used in the client (Desktop Login) to SHA256
2> Change the encryption used in 389-ds to store passwords.

--
You are receiving this mail because: You are on the CC list for the bug.
CP Singh
http://bugzilla.opensuse.org/show_bug.cgi?id=1112999#c2
--- Comment #2 from CP Singh
I am not quite sure if I completely understand the issues you are describing. Some notes, however:
- you should not be using MD5 as password hash algorithm, because it is not a safe practice any more.
- when you change the password encryption type in YaST then existing passwords will not be converted. You need to set the user's password again for making the changed algorithm effective.
So your target should be to get sha256 password hashes working correctly. For this you should inspect your 389-ds configuration on server and client side closely.
I am adding the 389-ds maintainers to CC, maybe they can help a bit more with this.
Hi,

We are not trying to use MD5, but it is only when we store the password in MD5 that the clients are able to authenticate. We would like to set it to better SHA or AES 256 encryption.

Can you help us to identify how we can change the encryption on the client side and server side?

As you can see in the attached document, yast2 is not changing the default encryption. As there is very little documentation from openSUSE on 389-DS, we are not able to configure the server or client to do matchmaking of the password. For us, only md5 encryption has worked.

Any help will be appreciated.
CP Singh
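The thread notes that changing the password hash setting does not convert existing passwords; the sketch below is an added example, not part of the original thread or of 389-DS or YaST, that audits which entries still carry an old scheme. It assumes the RFC 2307-style `{SCHEME}base64(digest+salt)` value layout, unfolded LDIF lines, and constructed sample entries under a hypothetical `dc=example,dc=com` suffix.

```python
import base64
import hashlib
import hmac
import re

DIGESTS = {"MD5": "md5", "SHA256": "sha256", "SSHA256": "sha256"}
WEAK = {"MD5", "SMD5", "SHA", "CLEAR"}  # flagged for a password reset

def make_value(scheme, password, salt=b""):
    """Build '{SCHEME}base64(digest+salt)', the layout assumed throughout."""
    digest = hashlib.new(DIGESTS[scheme], password + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def scheme_of(value):
    """Name of the storage scheme in the value's prefix, or CLEAR if none."""
    m = re.match(r"\{([A-Za-z0-9_-]+)\}", value)
    return m.group(1).upper() if m else "CLEAR"

def verify(value, password):
    """Check a password using the scheme recorded in the stored value itself."""
    algo = DIGESTS[scheme_of(value)]  # KeyError for schemes not handled here
    raw = base64.b64decode(value[value.index("}") + 1:])
    size = hashlib.new(algo).digest_size
    digest, salt = raw[:size], raw[size:]
    return hmac.compare_digest(hashlib.new(algo, password + salt).digest(), digest)

def audit(ldif):
    """Map each entry's dn to its userPassword scheme (unfolded LDIF lines)."""
    result = {}
    for entry in ldif.strip().split("\n\n"):
        dn = re.search(r"^dn: (.+)$", entry, re.M)
        pw = re.search(r"^userPassword(::?) (.+)$", entry, re.M)
        if dn and pw:
            value = pw.group(2)
            if pw.group(1) == "::":  # "::" marks a base64-encoded value
                value = base64.b64decode(value).decode()
            result[dn.group(1)] = scheme_of(value)
    return result

def needs_reset(ldif):
    """Entries whose stored hash still uses a weak scheme."""
    return sorted(dn for dn, s in audit(ldif).items() if s in WEAK)

# Constructed sample: alice set under MD5, bob after the default became SSHA256.
SAMPLE = "\n\n".join(
    "dn: uid=%s,ou=people,dc=example,dc=com\nuserPassword:: %s"
    % (uid, base64.b64encode(val.encode()).decode())
    for uid, val in [("alice", make_value("MD5", b"pw-alice")),
                     ("bob", make_value("SSHA256", b"pw-bob", b"fixedsalt"))])
```

`needs_reset(SAMPLE)` returns only alice's entry: her stored value keeps its `{MD5}` prefix until her password is set again, because the server holds only the one-way hash and cannot re-hash it under the new scheme.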