I'm sorry to point this out, but... The idea of using the 'hash' for protecting passwords is that they cant be recovered... (all you can do is compare another hashed password and see if they are the same). sooo.... you cant 'convert' existing passwords from md5 hashing to 'crypt' hashing... at least not with any reasonable amount of compute power. (If you CAN, we are all in big trouble :-). The upshot is that the only way to complete the conversion is to force a password change :-( -----Original Message----- From: pam-list-admin@redhat.com [mailto:pam-list-admin@redhat.com]On Behalf Of Earle F. Ake Sent: Monday, May 06, 2002 12:17 PM To: PAM List Subject: Need to convert back from md5 encryption in password file I have multiple sites using a shared password file. Some can not use the md5 encryption. I want to eliminate the md5 encryption and use the old RedHat standard hash encryption. I was able to drop the shadow portion by using pwunconv then editing the /etc/pam.d/system-auth file entry for "password sufficient" and drop the "shadow" portion. I tried to also drop the "md5" portion on the same line and then use passwd program to change it back to just a hashed password. The passwd file entry is changed but when I try to login, it fails. The /var/log/messages and /var/log/secure logs give me: /var/log/messages: sshd(pam_unix): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost.localdomain user=root /var/log/secure: sshd[1496]: Failed password for ROOT from 127.0.0.1 port 1035 ssh2 If I change back to md5 then reset the password, all is well. Can I change to not use the md5 encryption and if so, what are the steps I need to take? -Earle -- Earle Ake Manager, Internet Services HCST*Net
