I know there is no conversion per say. What I want to do is change from the md5 to hash format. As I pointed out, I changed the entry in system-auth to drop the md5 parameter. I also reset the password using the passwd program. The entry in the /etc/passwd file appeared to be a correct length hashed password. The problem is when I then tried to login, it failed. If I re-added the md5 parameter then used passwd again to put in an md5 password, I could then login again. What am I missing if I drop the md5 from the /etc/pam.d/system-auth file then use passwd to reset the password? So far I am only dealing with the root account but after I get it working, I will copy other password entried from the system I am replacing. -Earle -----Original Message----- From: Doug Fajardo [mailto:dfajardo@symark.com] Sent: Monday, May 06, 2002 6:02 PM To: pam-list@redhat.com Subject: RE: Need to convert back from md5 encryption in password file I'm sorry to point this out, but... The idea of using the 'hash' for protecting passwords is that they cant be recovered... (all you can do is compare another hashed password and see if they are the same). sooo.... you cant 'convert' existing passwords from md5 hashing to 'crypt' hashing... at least not with any reasonable amount of compute power. (If you CAN, we are all in big trouble :-). The upshot is that the only way to complete the conversion is to force a password change :-( -----Original Message----- From: pam-list-admin@redhat.com [mailto:pam-list-admin@redhat.com]On Behalf Of Earle F. Ake Sent: Monday, May 06, 2002 12:17 PM To: PAM List Subject: Need to convert back from md5 encryption in password file I have multiple sites using a shared password file. Some can not use the md5 encryption. I want to eliminate the md5 encryption and use the old RedHat standard hash encryption. I was able to drop the shadow portion by using pwunconv then editing the /etc/pam.d/system-auth file entry for "password sufficient" and drop the "shadow" portion. I tried to also drop the "md5" portion on the same line and then use passwd program to change it back to just a hashed password. The passwd file entry is changed but when I try to login, it fails. The /var/log/messages and /var/log/secure logs give me: /var/log/messages: sshd(pam_unix): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost.localdomain user=root /var/log/secure: sshd[1496]: Failed password for ROOT from 127.0.0.1 port 1035 ssh2 If I change back to md5 then reset the password, all is well. Can I change to not use the md5 encryption and if so, what are the steps I need to take? -Earle -- Earle Ake Manager, Internet Services HCST*Net _______________________________________________ Pam-list@redhat.com https://listman.redhat.com/mailman/listinfo/pam-list
