Pluggable Auth Modules / Bugs / #305 Password hashes are stored in opasswd as MD5

#305 Password hashes are stored in opasswd as MD5

Milestone: feature-request

Status: closed-wont-fix

Owner: Tomas Mraz

Labels: modules (176)

Priority: 5

Updated: 2009-09-29

Created: 2009-09-16

Private: No

Passwords are stored using MD5 in /etc/security/opasswd even when /etc/shadow is using SHA512 hashes.

Relevant line from the configuration files:

password sufficient pam_unix.so sha512 remember=4 shadow use_authtok

Discussion

Ladadadada - 2009-09-16

I'm not sure which versions this is valid for but CentOS reports that I have 0.99.6.2-4.el5 installed. The most recent code seems to have Goodcrypt_md5() sprinkled through it which looks suspiciously like it might be the culprit.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Thorsten Kukuk - 2009-09-29

assigned_to: nobody --> t8m
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Tomas Mraz - 2009-09-29

Please just use the pam_pwhistory module instead of the remember option of pam_unix.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Thorsten Kukuk - 2009-09-30

0.99.6 id pretty old, stable code trees are 1.0 and 1.1. 1.1.0 contains pam_pwhistory.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link: