LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Shadow passwords - Changing encryption method from MD5 to SHA
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-04-2009, 12:27 PM   #1
Phaethar
Member
 
Registered: Oct 2003
Location: MN
Distribution: CentOS, Fedora
Posts: 182

Rep: Reputation: 30
Shadow passwords - Changing encryption method from MD5 to SHA

Hey all,

I'm looking to find out exactly how to go about changing the encryption method of shadow passwords from MD5 to something a bit stronger, like SHA. I've been looking around for a bit now and haven't found out how to do it.

This is for CentOS 5.

I've gathered that I'll most likely need to change the /etc/pam.d/system-auth file. Right now, there is a line that looks like this:

Code:
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
I'm guessing the md5 should be changed to something else, like sha512.

What else? I know I'll need to reset all passwords once the change is made, but I thought there was someplace else that controls how the passwd command encrypts passwords.

Any suggestions please?

Thanks!
Last edited by Phaethar; 11-04-2009 at 12:28 PM.
 
Old 11-04-2009, 04:38 PM   #2
neonsignal
Senior Member
 
Registered: Jan 2005
Location: Melbourne, Australia
Distribution: Debian Bookworm (Fluxbox WM)
Posts: 1,391
Blog Entries: 54

Rep: Reputation: 360Reputation: 360Reputation: 360Reputation: 360
This will be a little different on various distros. On the RedHat family, you might be able to use system-config-authorization.

You might find this Q and A helpful, particularly this paragraph:

Quote:
If you make the change manually, you should first remove the "md5" option from the "password" PAM category only. Then re-set all local passwords using the "passwd" or "chpasswd" commands (the latter is suited for bulk password setting). Verify that all the passwords have been changed to the DES form, then remove the "md5" option from the "auth" PAM category.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
looking for a portable encryption method for passwords file nephish Linux - Software 5 10-05-2009 09:46 AM
md5, SHA and php's mcrypt function rjcrews General 1 12-05-2005 12:54 AM
Creating MD5 / SHA / SSHA digests from command line? [GOD]Anck Slackware 1 05-19-2005 11:00 AM
sha-1 encryption and endianness sade Linux - Software 0 08-24-2004 10:16 AM
SHA, MD5, LDAP for passwords mastahnke Linux - Security 2 09-25-2003 02:36 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:05 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration