LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 11-04-2009, 01:27 PM   #1
Phaethar
Member
 
Registered: Oct 2003
Location: MN
Distribution: CentOS, Fedora
Posts: 182

Rep: Reputation: 30
Shadow passwords - Changing encryption method from MD5 to SHA


Hey all,

I'm looking to find out exactly how to go about changing the encryption method of shadow passwords from MD5 to something a bit stronger, like SHA. I've been looking around for a bit now and haven't found out how to do it.

This is for CentOS 5.

I've gathered that I'll most likely need to change the /etc/pam.d/system-auth file. Right now, there is a line that looks like this:

Code:
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
I'm guessing the md5 should be changed to something else, like sha512.

What else? I know I'll need to reset all passwords once the change is made, but I thought there was someplace else that controls how the passwd command encrypts passwords.

Any suggestions please?

Thanks!

Last edited by Phaethar; 11-04-2009 at 01:28 PM.
 
Old 11-04-2009, 05:38 PM   #2
neonsignal
Senior Member
 
Registered: Jan 2005
Location: Melbourne, Australia
Distribution: Debian Wheezy (Fluxbox WM)
Posts: 1,368
Blog Entries: 52

Rep: Reputation: 354Reputation: 354Reputation: 354Reputation: 354
This will be a little different on various distros. On the RedHat family, you might be able to use system-config-authorization.

You might find this Q and A helpful, particularly this paragraph:

Quote:
If you make the change manually, you should first remove the "md5" option from the "password" PAM category only. Then re-set all local passwords using the "passwd" or "chpasswd" commands (the latter is suited for bulk password setting). Verify that all the passwords have been changed to the DES form, then remove the "md5" option from the "auth" PAM category.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
looking for a portable encryption method for passwords file nephish Linux - Software 5 10-05-2009 10:46 AM
md5, SHA and php's mcrypt function rjcrews General 1 12-05-2005 01:54 AM
Creating MD5 / SHA / SSHA digests from command line? [GOD]Anck Slackware 1 05-19-2005 12:00 PM
sha-1 encryption and endianness sade Linux - Software 0 08-24-2004 11:16 AM
SHA, MD5, LDAP for passwords mastahnke Linux - Security 2 09-25-2003 03:36 AM


All times are GMT -5. The time now is 04:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration