MD5 and shadow for a soft migration
Hello List, I'm using shadow for auth on my SuSE 7.2pro. Now some modules need md5. Is it possible to use MD5 and shadow parallel on one system? I think something like following should run? sufficent md5-module (don't know which module) required shadow (don't know which module) Here should be a md5 password enought to auth to the system, else the shadow will be used. Is it possible? If so are there any security concerns? Which module should I use? (please add some example config) best regards, Hans -- +++ GMX - Mail, Messaging & more http://www.gmx.net +++ Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage!
* r_2@gmx.de wrote on Wed, Jun 18, 2003 at 00:08 +0200:
I'm using shadow for auth on my SuSE 7.2pro. Now some modules need md5. Is it possible to use MD5 and shadow parallel on one system?
? Unsure, if I understand you corrently. MD5 hashes get stored in /etc/shadow by default. shadow can even be mixed, well, new PWs are MD5, old crypted work still. After migration turn it off for security of course. So MD5 "is" shadow maybe? Of course you can put md5 (or other) hashes to LDAP or a database instead of shadow. But you asked for MD5 and shadow. :-)
I think something like following should run? sufficent md5-module (don't know which module) required shadow (don't know which module)
wasn't it like required /lib/security/pam_unix.so md5 to turn on that option? oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
it possible to use MD5 and shadow parallel on one system?
? Unsure, if I understand you corrently. MD5 hashes get stored in /etc/shadow by default. shadow can even be mixed, well, new PWs are MD5, old crypted work still. After migration turn it off for security of course. So MD5 "is" shadow maybe? Of course you can put md5 (or other) hashes to LDAP or a database instead of shadow. But you asked for MD5 and shadow. :-)
Sorry I ment MD5 and DES :-) My system is running on DES and I need to migrate to MD5, but it is impossible to do it completly in one task.
I think something like following should run? sufficent md5-module (don't know which module) required shadow (don't know which module)
wasn't it like required /lib/security/pam_unix.so md5 to turn on that option?
is it possible to turn on both? best regards, hans -- +++ GMX - Mail, Messaging & more http://www.gmx.net +++ Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage!
* r_2@gmx.de wrote on Fri, Jun 20, 2003 at 13:15 +0200:
it possible to use MD5 and shadow parallel on one system?
Sorry I ment MD5 and DES :-) My system is running on DES and I need to migrate to MD5, but it is impossible to do it completly in one task.
is it possible to turn on both? (DES == crypt)
I had old crypt'd passwords and new MD5 password hashes working at the same time in a NIS environment (locally on NIS master this is shadow). I just turned on MD5 and crypt continued working seamlessly. This was on a SuSE 7.0/7.1/7.3 environment. It just worked :-) I would say: it is default in a MD5 enabled setup to have working crypt hashes. All changed passwords become MD5 by the time. Finally, it should be possible to prohibit crypt verification in the end. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
participants (2)
-
r_2@gmx.de -
Steffen Dettmer