Hello Recoverym4n
Thanks for your hint.
----- Original Message -----
From: <recovery...@gmail.com>
To: <debian-user@lists.debian.org>
Sent: Monday, May 27, 2013 7:40 PM
Subject: Re: /etc/shadow password hash format (migration from SuSE 9.3 to
Debian Wheezy)
Install 'libpam-unix2' package. Configure PAM as outlined
in /usr/share/doc/libpam-unix2/README.Debian. It is that simple.
I tried that out on a lab system where I replaced pam_unix.so into
pam_unix2.so inside both common-auth and common-password config files.
Result: The system nows recognizes all $2a$ (Blowfish) password hashes but
does not longer accepts $6$ (SHA-512) password now.
In the meantime, I migrated several user accounts to $6$ (SHA-512) hashes
using "passwd" to setting new passwords so there's a $6$/$2a$ mixture in
/etc/shadow now.
So what I actually need is a way that $6$ hashes are ok for any created new
user account as well as invoked "passwd" command (=setting passwords always
as $6$) but the authentication must accept both $2a$ and $6$, i.e. must be
able to deal with a mixed /etc/shadow database. So existing user still can
login with their $2a$ Blowfish hash while all my new users use a $6$ SHA-512
hash. So I think a configuration rule to use pam_unix.so and pam_unix2.so
simultaneously will help.
Andreas
--
Teste die PC-Sicherheit mit www.sec-check.net
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/edb958b5aba84ba1aa76af5a278e9...@meilebiz.loc
