In case this addresses the question, I installed MD5 and shadow passwords
on a GNU/Linux system (RH6.1) with an existing user base and short
'crypt' passwords. It was totally painless.
On Tue, 20 Jun 2000, John Hartnup wrote:
> On Tue, Jun 20, 2000 at 09:47:54AM -0400, Rich Salz wrote:
> > > sql table. I need to initialize the user/passwd data base with the
> > > existing data from my current /etc/passwd file (linux).
> > No can do. The password file format is one-way. You cannot recover the
> > password from the password file.
> I think the original poster understood this: he would be storing the
> DES crypt hashed password from /etc/passwd in his SQL database. New passwords
> would be hashed with MD5 crypt instead (he said) and the password verifying
> routine would be able to cope with either DES or MD5. No need to extract
> plaintext passwords at any point there.
Here is what happened:
I had originally installed PAM ("Pluggable Authentication Module" - a
_Good_Thing_[TM]). I opened a 'VT' text console, logged in as 'root', and
ran 'setup'. There is a menu entry (somewhere) to manage PAM. I used it to
turn on MD5 hashing (or perhaps 'long passwords' - I don't remember the
exact tag).
No change to authentication with users' old passwords -- they still
worked, but every time a password was changed or a new account created,
the new passwords came out MD5 and were also transparently processed by
PAM. I asked users to change their passwords and MD5 conversion was
complete.
I then made a copy of /etc/passwd (in case I had to back out of the
process), again ran 'setup', and this time enabled shadow passwords. To my
immense relief the shadow file was set up, '/etc/passwd' was rewritten to
use the shadows, and again the change was transparent to users.
If that's what you need, I can only wish you as little trouble as I had.
John Mills
Sr. Software Engineer
TGA Technologies, Inc.
100 Pinnacle Way, Suite 140
Norcross, GA 30071-3633
e-mail: [EMAIL PROTECTED]
Phone: 770-441-2100 ext.124 (voice)
770-449-7740 (FAX)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
