[CentOS] How to enable SHA1 passwords after migration from OpenSUSE?

Fri Jun 27 00:11:32 UTC 2008
Andreas Pedersen <alofflambas at gmail.com>

On Thu, Jun 26, 2008 at 2:05 PM, Papalagi Pakeha
<papalagi.pakeha at gmail.com> wrote:
> Hi there!
>
> I have recently migrated my old server from OpenSUSE 10.0 to CentOS 5.
> Almost everything works great, except for one thing - user passwords.
> In the old system they were in a form:
>
> root:$2a$05$9V.P3/KV2fd0r/O8hs0gNueaidF35edj3DL6skb32qZJNpvwVHiUO:12183:0:99999:7:::
>
> and that format doesn't seem to be understood by CentOS. When I change
> the password I get something like:
>
> root:$1$Z0HGYkIb$fbkW0gR6c.k7rENE1NlzE0:14055:0:99999:7:::
>
> Note the encrypted password begins with $2a$... in OpenSUSE while in
> CentOS it starts with $1$... CentOS passwords (MD5?) are understood by
> OpenSUSE but OpenSUSE passwords (SHA1?) are not understood by CentOS.
> Is there any way around that? Perhaps get some PAM module from
> OpenSUSE? Or just some setting somewhere? Having to reset passwords
> for all my users would be a royal pain.
>
> Thanks!
>
> PaPa
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

First: '$2a' is not SHA1 its Blowfish.

I belive you need libxcrypt support, I'm not sure just google fast I
hope this will help you.

# OpenSUSE 10.2 box
$ ldd /lib/security/pam_unix2.so
       linux-gate.so.1 =>  (0xfbffe000)
       libpam.so.0 => /lib/libpam.so.0 (0xb7fd2000)
       libnsl.so.1 => /lib/libnsl.so.1 (0xb7fbb000)
       libdl.so.2 => /lib/libdl.so.2 (0xb7fb7000)
libxcrypt.so.1 => /lib/libxcrypt.so.1 (0xb7f81000) # <-----------
       libc.so.6 => /lib/libc.so.6 (0xb7e4e000)
       libaudit.so.0 => /lib/libaudit.so.0 (0xb7e3a000)
       /lib/ld-linux.so.2 (0x80000000)

http://wiki.linuxfromscratch.org/hints/browser/trunk/blowfish-passwords.txt
http://osdir.com/ml/linux.lfs.hardened/2007-01/msg00003.html