I investigated this issue and found the problem... Note that this has nothing to do with the "OpenSSH and PAM is broken" issue; that is about password expiry and changing your password as you try to log on. The MD5 problem does not occur on all platforms; it only occurs on 7.3 and earlier. It is caused by a symbol messup with libcrypt bs OpenSSL's libcrypto. The pam_unix module calls crypt() to hash the supplied password; normally this will call crypt() from libcrypt.so (note missing o before dot :). This crypt implementation understands Linux password extensions, such as signaling MD5 passwords by prefixing the salt with $1$. With the new OpenSSH, link order or whatever has changed, causing it to pick up crypt() from libcrypto.so, which does not understand these extensions. As a quick workaround, edit /etc/init.d/sshd and add the following line before sshd is started: export LD_PRELOAD=/usr/lib/libcrypt.so This should cause the correct crypt function to be picked up. Sorry for this confusion. We'll make sure to add tests using md5 passwords to our test database. Olaf -- Olaf Kirch | Anyone who has had to work with X.509 has probably okir@suse.de | experienced what can best be described as ---------------+ ISO water torture. -- Peter Gutmann