Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 11-04-2009, 01:27 PM   #1
Registered: Oct 2003
Location: MN
Distribution: CentOS, Fedora
Posts: 182

Rep: Reputation: 30
Shadow passwords - Changing encryption method from MD5 to SHA

Hey all,

I'm looking to find out exactly how to go about changing the encryption method of shadow passwords from MD5 to something a bit stronger, like SHA. I've been looking around for a bit now and haven't found out how to do it.

This is for CentOS 5.

I've gathered that I'll most likely need to change the /etc/pam.d/system-auth file. Right now, there is a line that looks like this:

password sufficient md5 shadow nullok try_first_pass use_authtok
I'm guessing the md5 should be changed to something else, like sha512.

What else? I know I'll need to reset all passwords once the change is made, but I thought there was someplace else that controls how the passwd command encrypts passwords.

Any suggestions please?


Last edited by Phaethar; 11-04-2009 at 01:28 PM.
Old 11-04-2009, 05:38 PM   #2
Senior Member
Registered: Jan 2005
Location: Melbourne, Australia
Distribution: Debian Bookworm (Fluxbox WM)
Posts: 1,391
Blog Entries: 53

Rep: Reputation: 360Reputation: 360Reputation: 360Reputation: 360
This will be a little different on various distros. On the RedHat family, you might be able to use system-config-authorization.

You might find this Q and A helpful, particularly this paragraph:

If you make the change manually, you should first remove the "md5" option from the "password" PAM category only. Then re-set all local passwords using the "passwd" or "chpasswd" commands (the latter is suited for bulk password setting). Verify that all the passwords have been changed to the DES form, then remove the "md5" option from the "auth" PAM category.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
looking for a portable encryption method for passwords file nephish Linux - Software 5 10-05-2009 10:46 AM
md5, SHA and php's mcrypt function rjcrews General 1 12-05-2005 01:54 AM
Creating MD5 / SHA / SSHA digests from command line? [GOD]Anck Slackware 1 05-19-2005 12:00 PM
sha-1 encryption and endianness sade Linux - Software 0 08-24-2004 11:16 AM
SHA, MD5, LDAP for passwords mastahnke Linux - Security 2 09-25-2003 03:36 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:35 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration