SHA-1 in shadow file
Eugene Vilensky
evilensky at gmail.com
Wed Apr 7 02:24:12 UTC 2010
On Tue, Apr 6, 2010 at 2:48 PM, Tangren, Bill
<bill.tangren at usno.navy.mil> wrote:
> Is it possible to convert the hashing in the /etc/shadow file on an
> existing RH server (RHEL 4 or 5) from MD5 to something like SHA-1,
> without major disruptions of operations?
>
> If so, how would one go about doing it?
It is not possible to convert existing password hashes; it wouldn't be
much of a hash if that were possible.
The easiest way on a RHEL system that hasn't been customized too much is to use
authconfig --passalgo=[algorithm] --update
The next password change, the user's password would be hashed with the
newer algorithm.
You can expire existing passwords to force this on users.
man authconfig for more details, and which files are modified on your behalf.
More information about the redhat-list
mailing list