4

How can I force the passwd command to use MD5 hash and not to use crypt? I need to get the passwd command to talk to the ldap server (which it does) and use MD5 when I change passwords for the users.

MyOnlyEye
  • 125
  • 1
  • 9

3 Answers3

2

Assuming Linux: set value of ENCRYPT_METHOD in /etc/login.defs to MD5.

Paweł Brodacki
  • 6,451
  • 19
  • 23
  • MD5 (was and) is the choosen ENCRYPT_METHOD in /etc/login.defs - but passwd still makes {crypt} hashes in the LDAP-base. – MyOnlyEye May 14 '11 at 08:30
  • And it says pam_password md5 in ldap.conf... – MyOnlyEye May 14 '11 at 08:36
  • Try this: http://www.fusionnetwork.us/index.php/articles/linux-tutorials/enable-ldap-password-change-on-linux-using-passwd-command/ the author reports a success. – Paweł Brodacki May 14 '11 at 08:48
  • This is beginning to annoy me... if I follow the tutorial pam_password exop gives me SSHA hashes - and if I change it back to pam_password md5 I get crypt hashes. WHY!? :-) – MyOnlyEye May 14 '11 at 10:16
  • 2
    "pam_password exop" in /etc/ldap.conf makes passwd use the password policy from the ldap server (in my case SSHA). I changed the policy in the server to MD5 and it worked. Now changes password with passwd is made with the MD5 hash - and I can happily sync all my users (and passwords) with Google Apps! – MyOnlyEye May 14 '11 at 13:35
2

Set the following in your /etc/login.defs file:

MD5_CRYPT_ENAB yes
tylerl
  • 14,885
  • 7
  • 49
  • 71
0

You can also use the authconfig command like so:

authconfig --enablemd5

Just search in the man page.

mgorven
  • 30,036
  • 7
  • 76
  • 121
Boogy
  • 1