Hi there!
I have recently migrated my old server from OpenSUSE 10.0 to CentOS 5. Almost everything works great, except for one thing - user passwords. In the old system they were in a form:
root:$2a$05$9V.P3/KV2fd0r/O8hs0gNueaidF35edj3DL6skb32qZJNpvwVHiUO:12183:0:99999:7:::
and that format doesn't seem to be understood by CentOS. When I change the password I get something like:
root:$1$Z0HGYkIb$fbkW0gR6c.k7rENE1NlzE0:14055:0:99999:7:::
Note the encrypted password begins with $2a$... in OpenSUSE while in CentOS it starts with $1$... CentOS passwords (MD5?) are understood by OpenSUSE but OpenSUSE passwords (SHA1?) are not understood by CentOS. Is there any way around that? Perhaps get some PAM module from OpenSUSE? Or just some setting somewhere? Having to reset passwords for all my users would be a royal pain.
Thanks!
PaPa
On Thu, Jun 26, 2008 at 2:05 PM, Papalagi Pakeha papalagi.pakeha@gmail.com wrote:
Hi there!
I have recently migrated my old server from OpenSUSE 10.0 to CentOS 5. Almost everything works great, except for one thing - user passwords. In the old system they were in a form:
root:$2a$05$9V.P3/KV2fd0r/O8hs0gNueaidF35edj3DL6skb32qZJNpvwVHiUO:12183:0:99999:7:::
and that format doesn't seem to be understood by CentOS. When I change the password I get something like:
root:$1$Z0HGYkIb$fbkW0gR6c.k7rENE1NlzE0:14055:0:99999:7:::
Note the encrypted password begins with $2a$... in OpenSUSE while in CentOS it starts with $1$... CentOS passwords (MD5?) are understood by OpenSUSE but OpenSUSE passwords (SHA1?) are not understood by CentOS. Is there any way around that? Perhaps get some PAM module from OpenSUSE? Or just some setting somewhere? Having to reset passwords for all my users would be a royal pain.
Thanks!
PaPa _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
First: '$2a' is not SHA1 its Blowfish.
I belive you need libxcrypt support, I'm not sure just google fast I hope this will help you.
# OpenSUSE 10.2 box $ ldd /lib/security/pam_unix2.so linux-gate.so.1 => (0xfbffe000) libpam.so.0 => /lib/libpam.so.0 (0xb7fd2000) libnsl.so.1 => /lib/libnsl.so.1 (0xb7fbb000) libdl.so.2 => /lib/libdl.so.2 (0xb7fb7000) libxcrypt.so.1 => /lib/libxcrypt.so.1 (0xb7f81000) # <----------- libc.so.6 => /lib/libc.so.6 (0xb7e4e000) libaudit.so.0 => /lib/libaudit.so.0 (0xb7e3a000) /lib/ld-linux.so.2 (0x80000000)
http://wiki.linuxfromscratch.org/hints/browser/trunk/blowfish-passwords.txt http://osdir.com/ml/linux.lfs.hardened/2007-01/msg00003.html
On Fri, Jun 27, 2008 at 12:11 PM, Andreas Pedersen alofflambas@gmail.com wrote:
On Thu, Jun 26, 2008 at 2:05 PM, Papalagi Pakeha papalagi.pakeha@gmail.com wrote:
Hi there!
I have recently migrated my old server from OpenSUSE 10.0 to CentOS 5. Almost everything works great, except for one thing - user passwords. In the old system they were in a form:
root:$2a$05$9V.P3/KV2fd0r/O8hs0gNueaidF35edj3DL6skb32qZJNpvwVHiUO:12183:0:99999:7:::
and that format doesn't seem to be understood by CentOS. When I change the password I get something like:
root:$1$Z0HGYkIb$fbkW0gR6c.k7rENE1NlzE0:14055:0:99999:7:::
Note the encrypted password begins with $2a$... in OpenSUSE while in CentOS it starts with $1$... CentOS passwords (MD5?) are understood by OpenSUSE but OpenSUSE passwords (SHA1?) are not understood by CentOS.
First: '$2a' is not SHA1 its Blowfish.
I belive you need libxcrypt support, I'm not sure just google fast I hope this will help you.
# OpenSUSE 10.2 box $ ldd /lib/security/pam_unix2.so
I can't find pam_unix2 for CentOS. It's doesn't seem to be in any of the repos I know of. Any hint as where to get hold of it?
PaPa
On Fri, Jun 27, 2008 at 2:03 PM, Papalagi Pakeha papalagi.pakeha@gmail.com wrote:
On Fri, Jun 27, 2008 at 12:11 PM, Andreas Pedersen alofflambas@gmail.com wrote:
On Thu, Jun 26, 2008 at 2:05 PM, Papalagi Pakeha papalagi.pakeha@gmail.com wrote:
Hi there!
I have recently migrated my old server from OpenSUSE 10.0 to CentOS 5. Almost everything works great, except for one thing - user passwords. In the old system they were in a form:
root:$2a$05$9V.P3/KV2fd0r/O8hs0gNueaidF35edj3DL6skb32qZJNpvwVHiUO:12183:0:99999:7:::
and that format doesn't seem to be understood by CentOS. When I change the password I get something like:
root:$1$Z0HGYkIb$fbkW0gR6c.k7rENE1NlzE0:14055:0:99999:7:::
Note the encrypted password begins with $2a$... in OpenSUSE while in CentOS it starts with $1$... CentOS passwords (MD5?) are understood by OpenSUSE but OpenSUSE passwords (SHA1?) are not understood by CentOS.
First: '$2a' is not SHA1 its Blowfish.
I belive you need libxcrypt support, I'm not sure just google fast I hope this will help you.
# OpenSUSE 10.2 box $ ldd /lib/security/pam_unix2.so
I can't find pam_unix2 for CentOS. It's doesn't seem to be in any of the repos I know of. Any hint as where to get hold of it?
show all pam packages $ rpm -qa *pam* list files for pam $ rpm -ql pam
I believe you need to rebuild pam modules (pam_unix2), see arch wiki.
http://wiki.archlinux.org/index.php/Blowfish_passwords Quote: "You must download libxcrypt PKGBUILD and build it. That's because libcrypt from glibc only supports md5 and DES algorithms, which we don't want."
PaPa _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
First, are you running 5.2 or a older version ? If it is a older version, first upgrade to 5.2.
Then read http://www.centos.org/docs/5/html/release-notes/as-amd64/RELEASE-NOTES-U2-x8... and the section about SHA passwords.
Regards, Tim
On Sat, Jun 28, 2008 at 1:55 AM, Tim Verhoeven tim.verhoeven.be@gmail.com wrote:
First, are you running 5.2 or a older version ? If it is a older version, first upgrade to 5.2.
Then read http://www.centos.org/docs/5/html/release-notes/as-amd64/RELEASE-NOTES-U2-x8... and the section about SHA passwords.
As pointed out by Andreas the current passwords are Blowfish-encrypted, not SHA as I thought. Therefore the new SHA support in 5.2 won't help me at all. Looks like I'll have to recompile pam-unix2 from source :-(
PaPa
-
Andreas Pedersen -
Papalagi Pakeha -
Tim Verhoeven