pam configuration

gboyce gboyce at badbelly.com
Wed Nov 15 16:46:54 EST 2006


You could try running john the ripper on the passwords and re-encrypt the 
passwords that you were able to crack.  There could be issues if someone 
currently thinks they have an password over 8 characters though since the 
unix encrypted password likely ignores everything after 8 characters while 
the md5 encrypted password should not.

And there's also the issue of not being able to brute force some of the 
passwords, but you'll probably be able to get most if not all of them.

On Wed, 15 Nov 2006, John Boland wrote:

> folks,
>
> i've got a strange config request dumped on me.  external ftp server is 
> being moved from sun os (yeah, it's that old!) to linux. there are 
> almost 300 ftp accounts that need to be moved.  the linux box is already 
> setup with some accounts using md5 passwords and they work well. my 
> problem is that the customers using the ftp service have passwords (yes, 
> i know that's a BAD thing, but they're customers!) embedded in scripts 
> that handle the file transfers and it will be practically impossible to 
> get them to change the password (or tell us what it is so that we can 
> change it). so, what i've thought is to simply copy over the encrypted 
> passwd string from the sunos shadow file to the linux shadow file. i've 
> tried this using a couple of test accounts on the sunos box, no joy in 
> mudville! so, for two of the test accounts, i changed their passwords to 
> md5. but i couldn't authenticate on the linux box.  this was due to an 
> invalid shell being setup for the account, /bin/false. i removed the 
> "auth pam_shells.so" line from /etc/pam.d/vsftpd and the accounts that i 
> changed to md5 now work! so, i'm trying to figure out how to allow md5 
> and unix-style passwords on the same system. i've added "account 
> pam_unix_passwd.so" to no avail. are md5 passwords an all or nothing 
> setting?
>
> any tips/thoughts/directions???
>
> tia...
>
> -- 
> If it ain't broke, you're not trying hard enough!
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the Discuss mailing list