Thanks for the replies, Don't worry about the Mandrake specific stuff; I'm on Redhat. although it seems to the same as what you're talking about;
My shadow is in format: fakeaccount:$1$5PXJfLSQ$LSxsnZfHzBrkDdT2NZefK.:11600:0:99999:7::: (the password was 'password') I probably would not have the .php script make the changes; it would need to run as root and I can't have that. I would make a simple C program which would go 'changepwd <username> <newpasswordencrypted>' as i said before. this means i can have that run as root, and -know- all it will do is change passwords. Yeah I would probably put the requirement to put in old password as well, although to get to that screen you need to get there anyway ... Evan Nemerson wrote: > Here's what I got from the mandrake security mailing list so far: > > > > > This is strange. I was just going to write a mail to this list about > this. it seems that /etc/shadow accepts both crypt passwords (the short > passwd) and MD5 passwords. (34 characters with $ and slashes does seem > to me like md5). I found this because I was transferring users between > servers so I copy and pasted the passwords and it worked on both > occasions. very strange... > > Bye > -- > Haim > > On Thu, Oct 04, 2001 at 11:07:57PM -0700, Evan Nemerson wrote: >> Does anyone know what algorithm is used on the passwords in the >> /etc/shadow or /etc/passwd files? All the documentation I can find says >> crypt is used with two characters of salt which should output 13 >> characters. However my shadow file shows 34 character strings with dollar >> signs and slashes (shouldn't the output be alpha-numeric???). I already >> checked md5- nope. >> >> Please reply to my e-mail address since i don't subscribe to this list >> (sorry, but i get enough php-general to keep me busy). >> >> >> Thanks in advance, >> Evan Nemerson >> >> > -- Sigurd Magnusson Chief Programmer, Director Totally Digital -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
