Tugger the SLUGger!SLUG Mailing List Archives

Re: [SLUG] Re: md5 passwords


On Tue, Nov 07, 2000 at 03:34:38PM +1100, Angus Lees wrote:
> \begin{John Ferlito}
> > 	anyone remember how to switch debian over to md5 passwords after
> > you've finished the install?
> 
> add the "md5" option to your pam setup

	Yeah I thought there was a script somewhere. Found it by
actually installing debian and then working out what script it was
running when it asked me the question. Just a bit of sed that gets run
over the pam files.

	Therefore it seems a cut and paste into cfengine will be in
order :) Trying to setup automatic installs of debian boxes is heaps of
fun.

	Actually would anyone be interested in a talk on doing auto
installs of lots of boxes. Might be able to do one meeting after next.
Will probably have tripped over all the problems by then.

> 
> converting the passwds over (ie: cracking DES and then re-encrypting
> with MD5) is left as an exercise for the reader..
> 
> (you could try to rig up an interim thing with pam so it supported
> either. that would be .. interesting ..)

	you don't need too. PAM can tell the difference between MD5 and
DES and will fall back if the password is of the old type.  So if you
really want to force everyone to change you just set password expiry for
the next time they log in.

-- 
John

The difference between a good man and a bad one is the 
choice of cause - William James