[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Need to convert back from md5 encryption in password file



I'm sorry to point this out, but...
The idea of using the 'hash' for protecting passwords
is that they cant be recovered... (all you can do is compare
another hashed password and see if they are the same).

sooo.... you cant 'convert' existing passwords from md5
hashing to 'crypt' hashing... at least not with any reasonable
amount of compute power. (If you CAN, we are all in big trouble :-).

The upshot is that the only way to complete the conversion is
to force a password change :-(

-----Original Message-----
From: pam-list-admin@redhat.com [mailto:pam-list-admin@redhat.com]On
Behalf Of Earle F. Ake
Sent: Monday, May 06, 2002 12:17 PM
To: PAM List
Subject: Need to convert back from md5 encryption in password file


	I have multiple sites using a shared password file.  Some can not use the
md5 encryption.  I want to eliminate the md5 encryption and use the old
RedHat standard hash encryption.  I was able to drop the shadow portion by
using pwunconv then editing the /etc/pam.d/system-auth file entry for
"password sufficient" and drop the "shadow" portion.

	I tried to also drop the "md5" portion on the same line and then use passwd
program to change it back to just a hashed password.  The passwd file entry
is changed but when I try to login, it fails.  The /var/log/messages and
/var/log/secure logs give me:

/var/log/messages:
sshd(pam_unix): authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=localhost.localdomain  user=root

/var/log/secure:
sshd[1496]: Failed password for ROOT from 127.0.0.1 port 1035 ssh2

If I change back to md5 then reset the password, all is well.  Can I change
to not use the md5 encryption and if so, what are the steps I need to take?


-Earle
--
Earle Ake
Manager, Internet Services
HCST*Net










[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []