[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: MD5 passwords with pwdb



> 
> On Tue, Apr 13, 1999 at 10:15:46PM +0400, Savochkin Andrey Vladimirovich wrote:
> > On Tue, Apr 13, 1999 at 12:52:24AM -0700, mpg4@paradise.duluoz.net wrote:
> > > 	Now that I'll have a completely PAM-clean installation (or I
> > > will shortly) I thought I would try using the MD5 capability in pwdb.
> > > I changed my password ok, but when I tried to change the root
> > > password, it didn't convert it to MD5.  That was with a straight
> > > 'passwd' command from the command line.  Running 'passwd root' from
> > > the command line converted the passwd to md5 format ok.  My question
> > > is: is this an intentional decision to discourage MD5 root passwords,
> > > or is it an unintentional 'feature'.  Are there security (or other)
> > > issues I'm overlooking in making theconversion to MD5?
> > 
> > I don't know any security reasons to not to convert root password to MD5.
> > So the problem looks like a bug.
> > 
> > What passwd program do you use?
> > Did passwd or pam_pwdb module syslog something special when you called
> > 'passwd' command?
> > 
> 	The only reason I can see for it not working is for cases were
> a program can not handle the different password format. For example the
> sysvinit distributed with redhat uses /sbin/sulogin to login if there
> is something wrong with the system. This is not pam aware.
>

	I used the 'passwd' program that's packaged w/RH5.2.  (Anybody
know where I can find the source for this, BTW?) I checked the one in
the util-linux package (v2.9i), but that wasn't PAM-aware at all.
passwd reported success and logged nothing special.  Is there a
realistic scenario where a sulogin would run, but PAM would fail?  The
libraries are on the root partition, so that isn't an issue.  PAM
itself could break, I suppose....  Thoughts?

-mike

 
> eman
> 



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []