Old 06-27-2008, 12:11 AM
"Andreas Pedersen"
 
How to enable SHA1 passwords after migration from OpenSUSE?

On Thu, Jun 26, 2008 at 2:05 PM, Papalagi Pakeha
<papalagi.pakeha@gmail.com> wrote:
> Hi there!
>
> I have recently migrated my old server from OpenSUSE 10.0 to CentOS 5.
> Almost everything works great, except for one thing - user passwords.
> In the old system they were in a form:
>
> root:$2a$05$9V.P3/KV2fd0r/O8hs0gNueaidF35edj3DL6skb32qZJNpvwVHiUO:12183:0:99999:7:::
>
> and that format doesn't seem to be understood by CentOS. When I change
> the password I get something like:
>
> root:$1$Z0HGYkIb$fbkW0gR6c.k7rENE1NlzE0:14055:0:99999:7:::
>
> Note the encrypted password begins with $2a$... in OpenSUSE while in
> CentOS it starts with $1$... CentOS passwords (MD5?) are understood by
> OpenSUSE but OpenSUSE passwords (SHA1?) are not understood by CentOS.
> Is there any way around that? Perhaps get some PAM module from
> OpenSUSE? Or just some setting somewhere? Having to reset passwords
> for all my users would be a royal pain.
>
> Thanks!
>
> PaPa
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

First: '$2a' is not SHA1, it's Blowfish.

I believe you need libxcrypt support. I'm not sure, I just googled
quickly; I hope this will help you.

# OpenSUSE 10.2 box
$ ldd /lib/security/pam_unix2.so
linux-gate.so.1 => (0xfbffe000)
libpam.so.0 => /lib/libpam.so.0 (0xb7fd2000)
libnsl.so.1 => /lib/libnsl.so.1 (0xb7fbb000)
libdl.so.2 => /lib/libdl.so.2 (0xb7fb7000)
libxcrypt.so.1 => /lib/libxcrypt.so.1 (0xb7f81000) # <-----------
libc.so.6 => /lib/libc.so.6 (0xb7e4e000)
libaudit.so.0 => /lib/libaudit.so.0 (0xb7e3a000)
/lib/ld-linux.so.2 (0x80000000)

http://wiki.linuxfromscratch.org/hints/browser/trunk/blowfish-passwords.txt
http://osdir.com/ml/linux.lfs.hardened/2007-01/msg00003.html
 
Old 06-27-2008, 12:03 PM
"Papalagi Pakeha"
 
How to enable SHA1 passwords after migration from OpenSUSE?

On Fri, Jun 27, 2008 at 12:11 PM, Andreas Pedersen
<alofflambas@gmail.com> wrote:
> On Thu, Jun 26, 2008 at 2:05 PM, Papalagi Pakeha
> <papalagi.pakeha@gmail.com> wrote:
>> Hi there!
>>
>> I have recently migrated my old server from OpenSUSE 10.0 to CentOS 5.
>> Almost everything works great, except for one thing - user passwords.
>> In the old system they were in a form:
>>
>> root:$2a$05$9V.P3/KV2fd0r/O8hs0gNueaidF35edj3DL6skb32qZJNpvwVHiUO:12183:0:99999:7:::
>>
>> and that format doesn't seem to be understood by CentOS. When I change
>> the password I get something like:
>>
>> root:$1$Z0HGYkIb$fbkW0gR6c.k7rENE1NlzE0:14055:0:99999:7:::
>>
>> Note the encrypted password begins with $2a$... in OpenSUSE while in
>> CentOS it starts with $1$... CentOS passwords (MD5?) are understood by
>> OpenSUSE but OpenSUSE passwords (SHA1?) are not understood by CentOS.

> First: '$2a' is not SHA1, it's Blowfish.
>
> I believe you need libxcrypt support. I'm not sure, I just googled
> quickly; I hope this will help you.
>
> # OpenSUSE 10.2 box
> $ ldd /lib/security/pam_unix2.so

I can't find pam_unix2 for CentOS. It doesn't seem to be in any of
the repos I know of. Any hint as to where to get hold of it?

PaPa
 
Old 06-27-2008, 01:47 PM
"Andreas Pedersen"
 
How to enable SHA1 passwords after migration from OpenSUSE?

On Fri, Jun 27, 2008 at 2:03 PM, Papalagi Pakeha
<papalagi.pakeha@gmail.com> wrote:
> On Fri, Jun 27, 2008 at 12:11 PM, Andreas Pedersen
> <alofflambas@gmail.com> wrote:
>> On Thu, Jun 26, 2008 at 2:05 PM, Papalagi Pakeha
>> <papalagi.pakeha@gmail.com> wrote:
>>> Hi there!
>>>
>>> I have recently migrated my old server from OpenSUSE 10.0 to CentOS 5.
>>> Almost everything works great, except for one thing - user passwords.
>>> In the old system they were in a form:
>>>
>>> root:$2a$05$9V.P3/KV2fd0r/O8hs0gNueaidF35edj3DL6skb32qZJNpvwVHiUO:12183:0:99999:7:::
>>>
>>> and that format doesn't seem to be understood by CentOS. When I change
>>> the password I get something like:
>>>
>>> root:$1$Z0HGYkIb$fbkW0gR6c.k7rENE1NlzE0:14055:0:99999:7:::
>>>
>>> Note the encrypted password begins with $2a$... in OpenSUSE while in
>>> CentOS it starts with $1$... CentOS passwords (MD5?) are understood by
>>> OpenSUSE but OpenSUSE passwords (SHA1?) are not understood by CentOS.
>
>> First: '$2a' is not SHA1, it's Blowfish.
>>
>> I believe you need libxcrypt support. I'm not sure, I just googled
>> quickly; I hope this will help you.
>>
>> # OpenSUSE 10.2 box
>> $ ldd /lib/security/pam_unix2.so
>
> I can't find pam_unix2 for CentOS. It doesn't seem to be in any of
> the repos I know of. Any hint as to where to get hold of it?

# show all pam packages (pattern quoted so the shell does not expand it)
$ rpm -qa '*pam*'
# list files for pam
$ rpm -ql pam

I believe you need to rebuild pam modules (pam_unix2), see arch wiki.

http://wiki.archlinux.org/index.php/Blowfish_passwords
Quote: "You must download libxcrypt PKGBUILD and build it. That's
because libcrypt from glibc only supports md5 and DES algorithms,
which we don't want."


>
> PaPa
 
Old 06-27-2008, 01:55 PM
"Tim Verhoeven"
 
How to enable SHA1 passwords after migration from OpenSUSE?

First, are you running 5.2 or an older version? If it is an older
version, first upgrade to 5.2.

Then read http://www.centos.org/docs/5/html/release-notes/as-amd64/RELEASE-NOTES-U2-x86_64-en.html#id2914967
and the section about SHA passwords.

Regards,
Tim

--
Tim Verhoeven - tim.verhoeven.be@gmail.com - 0479 / 88 11 83

Hoping the problem magically goes away by ignoring it is the
"microsoft approach to programming" and should never be allowed.
(Linus Torvalds)
 
Old 06-27-2008, 02:29 PM
"Papalagi Pakeha"
 
How to enable SHA1 passwords after migration from OpenSUSE?

On Sat, Jun 28, 2008 at 1:55 AM, Tim Verhoeven
<tim.verhoeven.be@gmail.com> wrote:
> First, are you running 5.2 or an older version? If it is an older
> version, first upgrade to 5.2.
>
> Then read http://www.centos.org/docs/5/html/release-notes/as-amd64/RELEASE-NOTES-U2-x86_64-en.html#id2914967
> and the section about SHA passwords.

As pointed out by Andreas the current passwords are
Blowfish-encrypted, not SHA as I thought. Therefore the new SHA
support in 5.2 won't help me at all. Looks like I'll have to recompile
pam-unix2 from source :-(

PaPa
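
The conclusion the thread reaches (a `$2a$` entry is a Blowfish hash, and adding SHA support on the destination does not make it verifiable) can be checked for every account in a shadow file before a migration. The script below is an added example, not code from any poster in this thread; the function names, the `des md5` default and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Print the crypt(3) scheme named by a shadow password field's prefix.
classify_hash() {
    h=$1
    # A leading "!" only locks the account; the hash behind it must still
    # be verifiable once the account is unlocked, so strip it first.
    while :; do
        case "$h" in '!'*) h=${h#?} ;; *) break ;; esac
    done
    case "$h" in
        ''|'*'*)        echo none ;;       # no usable password hash
        '$1$'*)         echo md5 ;;
        '$2'[abxy]'$'*) echo blowfish ;;   # bcrypt, the thread's "$2a$"
        '$5$'*)         echo sha256 ;;
        '$6$'*)         echo sha512 ;;
        '$'*)           echo unknown ;;
        *) if [ "${#h}" -eq 13 ]; then echo des; else echo unknown; fi ;;
    esac
}

# Read shadow-format lines on stdin. $1 is the space-separated list of schemes
# the destination's crypt() can verify (assumed default: des md5).
audit_shadow() {
    supported=" ${1:-des md5} "
    while IFS=: read -r user hash _rest; do
        [ -n "$user" ] || continue
        scheme=$(classify_hash "$hash")
        case "$scheme" in
            none) status=no-hash ;;
            *) case "$supported" in
                   *" $scheme "*) status=ok ;;
                   *)             status=UNSUPPORTED ;;
               esac ;;
        esac
        printf '%s %s %s\n' "$user" "$scheme" "$status"
    done
}

# Constructed sample entries (placeholder salts and digests, not real hashes).
sample_shadow() {
    cat <<'EOF'
alice:$2a$05$CONSTRUCTEDSALTANDDIGESTPLACEHOLDER:12183:0:99999:7:::
bob:$1$CONSTRUC$PLACEHOLDERDIGEST:14055:0:99999:7:::
carol:!$6$CONSTRUCTED$PLACEHOLDERDIGEST:14055:0:99999:7:::
daemon:*:12183:0:99999:7:::
EOF
}

sample_shadow | audit_shadow "des md5"
```

Passing `"des md5 sha256 sha512"` as the supported list turns carol's entry to `ok` while alice's Blowfish entry stays `UNSUPPORTED`.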