At 3:30 PM -0700 7/15/02, Jon Leonard wrote:
Apparently this used to be controlled in /etc/login.defs, but what I wound up doing is changing the password lines /etc/pam.d/passwd and /etc/pam.d/login to: password required pam_unix.so md5 nullok obscure min=6 max=16 The key thing is to add the md5 bit, and in order for it to be useful, you'll need to set the max to something longer than 8.
Thanks Jon & Nate. I suspected that was what it required, but I was hesitant to throw the switch until I knew there wasn't anything I was missing.
I did what you described above, and I also added md5 to the lines starting with password in /etc/pam.d/ssh, /etc/pam.d/pop, and /etc/pam.d/other. ssh & other reference the pam_unix.so module as above, pop references the pam_unix_passwd.so module. I don't know if this is necessary, but I wanted to make sure all bases were covered. I then reran passwd and changed the passwd on my accounts, and finally determined that I could open an new ssh session to the box with the new password before closing my existing session. Viewing the /etc/shadow file, the new passwords look more like the MD5 style, so I think I was successful.
Thanks for your prompt and useful help! -- ______________________________________________________________________ Wilhelm Fitzpatrick | When we speak of free http://www.3roses.com/ | software we are referring rafial@well.com | to freedom not price. --To UNSUBSCRIBE, email to debian-user-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org