I need to alter the current password encryption on my Fedora 9 Linux system to something other than BLOWFISH, which could be causing problems with DB2.
But I don't even know which one I'm using. I anticipate that altering this could be a risky endeavor, as I risk losing access. Is this worry warranted?
A few things here. The first and big thing I want to ask is why do you think the password encryption is affecting DB2? What kind of errors are you seeing? I am using DB2 on RHEL 5 and I have not had issues with the password encryption. It uses the same password encryption by default as Fedora 9 which is shadow (http://en.wikipedia.org/wiki/Shadow_password).
If you really do need to change the type of password encryption (which I highly doubt) it is not the easiest thing to do but possible. You will always be able to boot to single user mode if your password does not work. The only potential data loss would be the current password for each user.
Shadow isn't a password hashing system, don't confuse it with crypt().
Quote:
Originally Posted by bfzhou
I need to alter the current password encryption on my Fedora 9 Linux system to something other than BLOWFISH, which could be causing problems with DB2.
But I don't even know which one I'm using. I anticipate that altering this could be a risky endeavor, as I risk losing access. Is this worry warranted?
You should make sure it's causing problems, otherwise it probably is indeed unwarranted. Anyhow, you can check which encryption algorithm you are using by looking at the number between the dollar signs at the start of the second field in the relevant line of your /etc/shadow file (see the Wikipedia link for crypt() I posted above). For example, mine looks like:
Which means I am using the MD5 algorithm. To change the default algorithm, add (or edit) the ENCRYPT_METHOD line in your /etc/login.defs file. For example, to make all password hashes be SHA512 from now on, add a line like:
Code:
ENCRYPT_METHOD SHA512
Obviously you can't just add any algorithm, you need to make sure your distro supports it.
One way to check support is to look at the man page for chpasswd.
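An added example, not part of the thread or any poster's code: the check described in the post above (read the `$id$` prefix of the second `/etc/shadow` field, then compare it with `ENCRYPT_METHOD` in `/etc/login.defs`), applied to every account. Because the setting only applies to hashes created "from now on", accounts whose existing hash uses another scheme are reported as `stale`. The sample lines are constructed, and the names `identify_scheme`, `configured_method` and `audit` are hypothetical.

```python
import re

# crypt(3) "$id$" prefixes mapped to login.defs-style method names.
PREFIXES = {"1": "MD5", "2a": "BLOWFISH", "2b": "BLOWFISH",
            "2y": "BLOWFISH", "5": "SHA256", "6": "SHA512"}

# Constructed sample data (not real hashes).
SAMPLE_LOGIN_DEFS = "PASS_MAX_DAYS 99999\nENCRYPT_METHOD SHA512\n"
SAMPLE_SHADOW = """\
root:$6$CONSTRUCTED$notARealHashValue:14308:0:99999:7:::
alice:$1$CONSTRUCTED$notARealHashValue:14308:0:99999:7:::
bob:$2a$05$notARealHashValue:14308:0:99999:7:::
carol:abJnotARealH1:14308:0:99999:7:::
daemon:*:14308:0:99999:7:::
"""

def identify_scheme(field):
    """Classify the second field of an /etc/shadow line."""
    if not field:
        return "EMPTY"
    if field[0] in "!*":
        return "LOCKED"  # locked, or no usable password
    m = re.match(r"\$([^$]+)\$", field)
    if m:
        return PREFIXES.get(m.group(1), "UNKNOWN")
    # No "$id$" prefix: traditional DES crypt is exactly 13 characters.
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "DES"
    return "UNKNOWN"

def configured_method(login_defs_text):
    """Return the ENCRYPT_METHOD value, or None if the line is absent."""
    for line in login_defs_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0] == "ENCRYPT_METHOD":
            return parts[1].upper()
    return None

def audit(shadow_text, login_defs_text):
    """List (user, scheme, status); 'stale' = hash differs from the default."""
    want = configured_method(login_defs_text)
    report = []
    rows = (l.split(":") for l in shadow_text.splitlines() if ":" in l)
    for fields in rows:
        scheme = identify_scheme(fields[1])
        status = ("skip" if scheme in ("LOCKED", "EMPTY")
                  else "ok" if scheme == want else "stale")
        report.append((fields[0], scheme, status))
    return report
```

A `stale` account keeps its old hash until its password is set again, so changing `ENCRYPT_METHOD` alone does not convert existing entries.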
I encountered a problem with DB2: although I can connect to the database without specifying a user and password, the connection fails whenever I supply a userid and password explicitly, and I get the error below, although I was using the instance owner userid.
SQL30082N Attempt to establish connection failed with security reason "26" ("SERVER SECURITY PLUGIN ERROR"). SQLSTATE=08001
So DB2 support came back suspecting I was using BLOWFISH for password encryption, and suggested that I change it to DES. But I need to find out which encryption I'm currently using.
Here's the entry in my /etc/shadow:
db2inst1:$6$zJBk96lz$q/C.HeodsK8N1IlbmmlAt5JnIpsc/u9DVm95Ko2QulvlCXq1qk8HcSbVaLQb10OnoYMbjGsz3KEKQcmXuhmls1:14308:0:99999:7:::
Does it say anything about whether it is BLOWFISH encryption?
And here's the entry in /etc/login.defs:
ENCRYPT_METHOD SHA512
Note that if you change to DES you'll be limited to 8-character passwords. If DB2 supports longer passwords and can handle MD5, go for MD5.
Progress has the same problem with blowfish, and as with DB2 they recommend DES, which I chose to ignore as you're severely limited on password strength by the 8-byte limitation of DES-encrypted passwords. MD5 should work.