
Re: Changing to MD5 shadow passwords?



On Tue, Mar 20, 2001 at 05:00:39PM -0600, Kevin Long wrote:
> 
> ----- Original Message -----
> From: "Ethan Benson" <erbenson@alaska.net>
> To: <debian-user@lists.debian.org>
> Sent: Monday, March 19, 2001 5:50 PM
> Subject: Re: Changing to MD5 shadow passwords?
> 
>         md5 hashes should work regardless of what hash passwd will create.
>         however some time ago it was discovered that pam created bogus md5
>         hashes due to an endianness bug, backward compatibility was retained
>         for a while but it might be gone now.
> 
> How would I upgrade if I had a broken pam?
> Could anyone point me to some docs on this.  I really don't want to have to
> try and upgrade to RH7 -- debian is much smoother in upgrading.  And RH7
> would probably break under the bogus md5's anyway right?

probably.  check the pam mailing list archives, the compatibility
might still be in pam_pwdb (which sucks donkey balls) but i doubt it's
in pam_unix since it just uses standard libc calls.  

>     also you can't just drop redhat passwd files onto debian, you will
>     break your system.  you can only take the ordinary user accounts from
>     redhat and add them to the debian passwd files.  that is uids above
>     500 from redhat are ok, any uid below 500 is not.
> 
> How badly would it break?  Could I fix it easier than having to rebuild
> hundreds of users and get them to reset all their passwords.

all you need to do is delete all the redhat system accounts, that is
every user and group with a uid and gid below 500.  then add the
remaining users to your debian stock password files.  

it doesn't matter that your users have uids of 500, it's system
accounts like bin daemon sys and such that are different on debian and
redhat.  replacing debian system accounts with redhat system accounts
will ruin your system. 

though i prefer to get uids reallocated starting at 1000 where they
belong.  i just used an awk script to add the user accounts to debian
and reset gecos and password fields.  easy as pie.  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
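
The account migration described in the message above (drop every Red Hat account below uid 500, append the rest to Debian's stock files), shown as an added example; it is not the awk script the author mentions. The function names, MIN_UID and the sample files are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: choose the ordinary accounts in Red Hat passwd/shadow files
# that can be appended to Debian's stock files. All names are illustrative.
MIN_UID=500   # Red Hat's first ordinary uid, as stated in the post

# $1 = Red Hat passwd, $2 = Debian passwd. Prints the lines safe to append;
# entries that clash with an existing Debian name or uid go to stderr.
select_users() {
    awk -F: -v min="$MIN_UID" '
        FILENAME == ARGV[1] { name[$1] = 1; uid[$3] = 1; next }  # Debian file
        $3 + 0 < min { next }                     # Red Hat system account
        ($1 in name) || ($3 in uid) {
            print "skipped (clashes with Debian entry): " $1 > "/dev/stderr"
            next
        }
        { print }
    ' "$2" "$1"
}

# $1 = Red Hat shadow, $2 = output of select_users. Prints matching shadow lines.
select_shadow() {
    awk -F: 'FILENAME == ARGV[1] { keep[$1] = 1; next } $1 in keep' "$2" "$1"
}

# Constructed sample files (not from the original post).
tmp=$(mktemp -d)
cat > "$tmp/rh.passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
alice:x:500:500:Alice:/home/alice:/bin/bash
bob:x:501:501:Bob:/home/bob:/bin/bash
backup:x:502:502:site backup user:/home/backup:/bin/bash
EOF
cat > "$tmp/rh.shadow" <<'EOF'
root:$1$salt$CONSTRUCTEDROOTHASH000:11400:0:99999:7:::
alice:$1$salt$CONSTRUCTEDALICEHASH00:11400:0:99999:7:::
bob:$1$salt$CONSTRUCTEDBOBHASH0000:11400:0:99999:7:::
backup:$1$salt$CONSTRUCTEDBACKUPHASH0:11400:0:99999:7:::
EOF
cat > "$tmp/deb.passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
EOF
select_users "$tmp/rh.passwd" "$tmp/deb.passwd" > "$tmp/add.passwd"
select_shadow "$tmp/rh.shadow" "$tmp/add.passwd" > "$tmp/add.shadow"
cat "$tmp/add.passwd" "$tmp/add.shadow"
```

The same select_users filter applies to the group files, where the third field is the gid. Entries reported on stderr need a decision by hand before anything is appended.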
