On Fri, Aug 25, 2000 at 12:25:35PM -0700, kmself@ix.netcom.com wrote: > Query: How do you implement MD5 and long passwords on Debian? Is it > more than just modifying /etc/pam.d/passwd? not much more: [eb@socrates eb]$ grep md5 /etc/pam.d/* /etc/pam.d/login:password required pam_unix.so use_authtok nullok md5 /etc/pam.d/passwd:password required pam_unix.so use_authtok nullok md5 /etc/pam.d/ssh:password required pam_unix.so use_authtok nullok md5 /etc/pam.d/sshd:password required pam_unix.so use_authtok nullok md5 /etc/pam.d/wdm:password required pam_unix.so use_authtok nullok md5 [eb@socrates eb]$ then you obviously have to convince all your users to change thier passwords. which can be hard if they are uncooperative like most. and if you use ssh (as you should) you cannot simply expire the password (or use expiration) since ssh is broken in regards to expiration handling :( bug #51747 > You should inform him of this situation, have him change the system > passwords, apply shadow passwords, and MD5 password hashing with long > password lengths. and pam_cracklib... -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpGbN5tK0jnJ.pgp
Description: PGP signature