MD5 passwords with the Shadow suite

Weylin Piegrosch weylin at yahoo.com
Fri Nov 24 13:46:43 PST 2000


Hello,

I'm not an avid reader of this list, so I don't know if this has been
posted here yet or not.  So I thought I'd post it here in case it
hadn't.

I was going through the lfs instructions with no problems.  In fact, I
had no problems installing it at all after 5 systems.  However, I was
disappointed by the lack of strong password support.

By default, the Shadow Password Suite uses DES passwords for 5-8
character passwords.  However, I wanted MD5 support, which is built
into the Shadow Password Suite.  It allows unlimited password lengths
(a fixed limit of 127 characters has been hard-coded, but that can be
lengthened by changing one constant in the source code (pass_max_len in
passwd.c in the shadow password source code)).  Also, according to my
roommate (who is actually the one who figured out the procedure below),
DES has been broken; MD5 hasn't.

Translation: better security and longer passwords for MD5, with no real
drawbacks.

So, I was wondering if it's feasible to use it.  I can't think of any
reason why it shouldn't go into an lfs system.  I added instructions
for changing from DES to MD5 below (it should be easy to modify if it
were decided to add MD5 passwords to lfs):

1. edit /etc/login.defs
    Change the line "#MD5_CRYPT_ENAB  no" to "MD5_CRYPT_ENAB yes"

2. un-shadow the current passwords
    pwunconv
    this allows passwords to transition smoothly with no hiccups

3. recompile the shadow password suite
    ./configure --enable-md5crypt=yes --prefix=/usr
    make
    make install

4. re-shadow the passwords with md5 cryptography
    pwconv

5. (optional) reset all passwords
    ensures that ALL passwords are MD5 encrypted

6. (optional) switch to another virtual terminal
    to check to see if you can still log in OK

To change the lfs instructions would merely require steps 1 and 3.
Step 1 can easily be done with sed, and step 3 needs only a minor
change to the way things are now.

Weylin Piegorsch
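
Added example, not part of the original message: pwconv only moves the existing hash strings into /etc/shadow, so an account keeps its DES hash until its password is next changed, which is what step 5 addresses. The script below does step 1 with sed and lists the accounts still on DES; the function names and all sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post); every sample value is constructed.

# Step 1 with sed: set MD5_CRYPT_ENAB to yes in the login.defs-format file $1,
# whether the existing line is commented out or not.
enable_md5() {
    tmp="$1.$$"
    sed 's/^#*[[:space:]]*MD5_CRYPT_ENAB[[:space:]][[:space:]]*[a-z]*[[:space:]]*$/MD5_CRYPT_ENAB yes/' \
        "$1" > "$tmp" && cat "$tmp" > "$1" && rm -f "$tmp"  # cat keeps owner and mode
}

# Print "user:scheme" for each line of the shadow-format file $1.
# md5 = "$1$" prefix, des = 13 characters from the crypt alphabet.
hash_schemes() {
    awk -F: '{
        h = $2; sub(/^!+/, "", h)            # "!" only marks a locked hash
        if ($2 == "")                         s = "empty"
        else if (h == "" || h == "*")         s = "locked"
        else if (h ~ /^\$1\$/)                s = "md5"
        else if (length(h) == 13 && h ~ /^[.\/0-9A-Za-z]+$/) s = "des"
        else                                  s = "other"
        print $1 ":" s
    }' "$1"
}

# Accounts that still need a password reset (step 5) to get an MD5 hash.
des_accounts() {
    hash_schemes "$1" | awk -F: '$2 == "des" { print $1 }'
}

# Constructed sample: write a small shadow-format file to the path $1.
write_sample_shadow() {
    cat > "$1" <<'EOF'
root:$1$Ab3dEf9h$0123456789abcdefghijkl:11285:0:99999:7:::
alice:abJnggxhB/yWI:11285:0:99999:7:::
bob:!xyQ1w2e3r4t5y:11285:0:99999:7:::
daemon:*:11285:0:99999:7:::
EOF
}

# Demo: run against the sample; on a real system pass /etc/shadow as root.
if [ "${1:-demo}" = demo ]; then
    f=$(mktemp) && write_sample_shadow "$f" && des_accounts "$f"; rm -f "$f"
fi
```

A locked entry such as bob's is still reported as des, because removing the "!" would reactivate the old hash.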





More information about the lfs-dev mailing list