LinuxQuestions.org
Old 03-03-2009, 11:14 AM   #1
bfzhou
Member
 
Registered: Feb 2008
Posts: 45

Rep: Reputation: 0
how to set / change password encryption?


Hello,

I need to alter the current password encryption on my Fedora 9 Linux system to something other than BLOWFISH, which could be causing problems with DB2.

But I don't even know which one I'm using. I anticipate altering this could be a risky endeavor, as I risk losing access. Is this worry warranted?

Many thanks for any tip or insight.
 
Old 03-04-2009, 01:05 AM   #2
thedonkdonk
Member
 
Registered: Oct 2005
Location: San Jose, CA
Distribution: Fedora, RHEL, CentOS
Posts: 136

Rep: Reputation: 16
Hi.

A few things here. The first and big thing I want to ask is why do you think the password encryption is affecting DB2? What kind of errors are you seeing? I am using DB2 on RHEL 5 and I have not had issues with the password encryption. It uses the same password encryption by default as Fedora 9 which is shadow (http://en.wikipedia.org/wiki/Shadow_password).

If you really do need to change the type of password encryption (which I highly doubt) it is not the easiest thing to do but possible. You will always be able to boot to single user mode if your password does not work. The only potential data loss would be the current password for each user.
 
Old 03-04-2009, 01:50 AM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by thedonkdonk
A few things here. The first and big thing I want to ask is why do you think the password encryption is affecting DB2? What kind of errors are you seeing? I am using DB2 on RHEL 5 and I have not had issues with the password encryption. It uses the same password encryption by default as Fedora 9 which is shadow (http://en.wikipedia.org/wiki/Shadow_password).

If you really do need to change the type of password encryption (which I highly doubt) it is not the easiest thing to do but possible. You will always be able to boot to single user mode if your password does not work. The only potential data loss would be the current password for each user.
Shadow isn't a password hashing system, don't confuse it with crypt().

Quote:
Originally Posted by bfzhou
I need to alter the current password encryption on my Fedora 9 linux system to something other than BLOWFISH, which could be causing problems with DB2.

but I don't even know which one I'm using. I anticipate alter this could be a risky endeavor as I risk losing access. Is this worry warranted?
You should make sure it's causing problems, otherwise it probably is indeed unwarranted. Anyhow, you can check which encryption algorithm you are using by looking at the number between the dollar signs at the start of the second field in the relevant line of your /etc/shadow file (see the Wikipedia link for crypt() I posted above). For example, mine looks like:
Code:
win32sux:$1$BuZ4l/S5$HjFa4JFtQQO5C4pFTxpes/:14193:0:99999:7:::
Which means I am using the MD5 algorithm. To change the default algorithm, add (or edit) the ENCRYPT_METHOD line in your /etc/login.defs file. For example, to make all password hashes be SHA512 from now on, add a line like:
Code:
ENCRYPT_METHOD SHA512
Obviously you can't just add any algorithm, you need to make sure your distro supports it.

One way to check support is to look at the man page for chpasswd.

Last edited by win32sux; 03-04-2009 at 02:25 AM.
 
Old 03-05-2009, 08:26 AM   #4
bfzhou
Member
 
Registered: Feb 2008
Posts: 45

Original Poster
Rep: Reputation: 0
Many thanks for the insight!

I encountered a problem with DB2: although I can connect to the database without specifying a user and password, the connection fails whenever I supply the userid and password explicitly, and I get the error below, even though I was using the instance owner userid.

SQL30082N Attempt to establish connection failed with security reason "26" ("SERVER SECURITY PLUGIN ERROR"). SQLSTATE=08001

So DB2 support came back suspecting I was using BLOWFISH for password encryption, and suggested that I change it to DES. But I need to find out which encryption I'm currently using.

Here's the entry in my /etc/shadow:
db2inst1:$6$zJBk96lz$q/C.HeodsK8N1IlbmmlAt5JnIpsc/u9DVm95Ko2QulvlCXq1qk8HcSbVaLQb10OnoYMbjGsz3KEKQcmXuhmls1:14308:0:99999:7:::

Does it say anything about whether it is BLOWFISH encryption?

And here's the entry in /etc/login.defs:
ENCRYPT_METHOD SHA512
 
Old 03-05-2009, 11:31 AM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by bfzhou
here's the entry in my /etc/shadow:
db2inst1:$6$zJBk96lz$q/C.HeodsK8N1IlbmmlAt5JnIpsc/u9DVm95Ko2QulvlCXq1qk8HcSbVaLQb10OnoYMbjGsz3KEKQcmXuhmls1:14308:0:99999:7:::
The $6$ means you're using SHA512.
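
The prefix check described in posts #3 and #5, as an added example that is not part of the original thread: a shell function that classifies the hash scheme of every account in shadow-format input and lists accounts still on DES or MD5. The function names and sample lines are constructed for illustration; the prefixes beyond `$1$` and `$6$` are the standard crypt(3) identifiers, not values taken from the thread.

```shell
#!/bin/sh
# Classify the crypt(3) scheme of each account in shadow-format input.
# Reads "user:hash:..." lines on stdin and prints "user scheme" per line.
shadow_schemes() {
    awk -F: '
    {
        user = $1; field = $2; locked = ""
        # A leading "!" marks a locked account; the hash may follow it.
        if (field ~ /^!/) { locked = " (locked)"; sub(/^!+/, "", field) }
        if (field == "")                  scheme = "none"
        else if (field == "*")            scheme = "no-login"
        else if (field ~ /^\$1\$/)        scheme = "MD5"
        else if (field ~ /^\$2[abxy]?\$/) scheme = "Blowfish/bcrypt"
        else if (field ~ /^\$5\$/)        scheme = "SHA256"
        else if (field ~ /^\$6\$/)        scheme = "SHA512"
        else if (field ~ /^\$y\$/)        scheme = "yescrypt"
        else if (field ~ /^_/)            scheme = "BSDi-DES"
        else if (length(field) == 13)     scheme = "DES"   # no prefix, 13 chars
        else                              scheme = "unknown"
        print user, scheme locked
    }'
}

# List accounts whose hash is one of the legacy schemes (DES or MD5).
weak_accounts() {
    shadow_schemes |
        awk '$2 == "DES" || $2 == "BSDi-DES" || $2 == "MD5" { print $1 }'
}

# Constructed sample input: the hash bodies are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHBODY:14308:0:99999:7:::
bob:$1$CONSTRSALT$CONSTRUCTEDHASHBODY:14193:0:99999:7:::
carol:abCONSTRUCTED:14000:0:99999:7:::
dave:!$2a$05$CONSTRUCTEDSALTANDHASHBODY:14000:0:99999:7:::
daemon:*:14000:0:99999:7:::
EOF
}

# On a real system, run as root: shadow_schemes < /etc/shadow
sample_shadow | shadow_schemes
```

Existing hashes keep their old scheme after ENCRYPT_METHOD is changed in /etc/login.defs; an account only moves to the new scheme when its password is next set.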
 
Old 03-09-2009, 04:23 PM   #6
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 167
Quote:
Originally Posted by win32sux
The $6$ means you're using SHA512.
You probably want DES or MD5... although, I have some doubts that this is your actual problem.
 
Old 03-14-2009, 12:15 PM   #7
jstalewski
LQ Newbie
 
Registered: May 2006
Posts: 4

Rep: Reputation: 0
Note that if you change to DES you'll be limited to 8-character passwords. If DB2 supports longer passwords and can handle MD5, go for MD5.

Progress has the same problem with blowfish, and as with DB2 they recommend DES, which I chose to ignore as you're severely limited on password strength by the 8-byte limitation of DES-encrypted passwords. MD5 should work.
 
Old 07-27-2013, 02:37 PM   #8
mahakaal
LQ Newbie
 
Registered: Jul 2013
Posts: 2

Rep: Reputation: Disabled
Simple

It's chpasswd -c SHA512
(or any other ALGO)
 
Old 07-27-2013, 11:59 PM   #9
wsduvall
Member
 
Registered: Aug 2006
Posts: 92

Rep: Reputation: 16
Epic thread resurrection.
 
Old 07-28-2013, 01:07 AM   #10
mahakaal
LQ Newbie
 
Registered: Jul 2013
Posts: 2

Rep: Reputation: Disabled
Yup.... :P
Just registered and saw the post.. proper answer not posted yet so replied...
 
  

