CentOS 5 :: Shadow Passwords - Changing Encryption Method From MD5 To SHA?
Nov 4, 2009
I'm looking to find out exactly how to go about changing the encryption method of shadow passwords from MD5 to something a bit stronger, like SHA. I've been looking around for a bit now and haven't found out how to do it. I've gathered that I'll most likely need to change the /etc/pam.d/system-auth file. Right now, there is a line that looks like this:
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok.I'm guessing the md5 should be changed to something else, like sha256. What else? I know I'll need to reset all passwords once the change is made, but I thought there was someplace else that controls how the passwd command encrypts passwords.
I am just wondering what encryption method the shadow file uses, so that I may be able to manually change it. I ask this because I am trying to make a web page that will allow people to change their linux password via a browser.
i am wanting to put a list of common passwords on a usb stick, but i want the file to be password protected. I also need to be able to access it from more than one computer (all linux, maybe a mac too).
I'd like to allow my laptop to be disconnected from the network and login with a user stored on LDAP. I know nscd can cache usernames and groups but not shadows, but is there a solution that will cache passwords?
I am moving my Linux server from Suse 10 to Ubuntu 9.04 and I moved the significant parts of /etc/shadow, /etc/passwd, and /etc/group over to Ubuntu 9.04. I am not able to login into the computer with the old accounts. The only problem I see is that the old accounts use Blowfish and DES to encrypt the passwords in /etc/shadow, and Ubuntu uses SHA512. If I change the passwords, the accounts will work. However; I have about 300 accounts to move, and I don't want to do that to all of them. I have tired Ubuntu Forums and talked to every linux expert I know, and no one has an answer.
Is it possible to have two passwords associated with one account, one that is the actual one, and another one, a duress password, that upon entering gives a similar (desktop) environment with "decoy data"?
The idea is to have the bogus password go to an encrypted home drive that looks as if it were the real deal, but it is wiping particular sensitive (encrypted) data that is visible only with the real password in the background, so that the actual data that need to be protected are not compromised. While the person who unlocked the computer tries to find the information on it between all the rubbish files, the real files are securely wiped. The files are very sensitive in nature, so it's better to have then destroyed than have unauthorized people access them, in the event of that happening.
I happen to know that TrueCrypt has a similar option but that requires an entire decoy operating system (and I think that might be a bit conspicuous), but is there a native linux way to do it?
I just recently upgraded from 10.10 to 11.04, but using the classic desktop instead of unity, mainly because unity sucks big time, but that's a different story, anyway, when I used 10.10 I had a key setup for access to my remote SSH server, but now when I try to set up a new key using passwords and encryption, I get:- "Couldn't configure secure shell keys on remote computer", followed by:- '** (process:2532):WARNING **:couldn't open fd 27:Bad file desciptor' 3 lines of this with different process numbers then I got ''** (process:2535):WARNING **:couldn't open fd 27:Bad file descriptor: Permission Denied. Please try again'
I have not changed anything on the remote server at all. I can access SSH using PuTTy sucessfuly, but I want to set up a key using the ubuntu passwords and encryption key program, but since ugrading to 11.04 I can not do that for some reason.
I'd like to know if there's a simple way to create a LUKS encryption drive with different passwords? A real one that leads to one set of data, and another that leads to a whole different set of data. Is this even possible with LUKS?
I want to encrypt a text using rsa encryption method. I did it using command openssl but i want it using my library api, the library api is as, int rsa_calc (unsigned char * msg, unsigned char * mod, int count, int exp, unsigned char result); I can't understand how i input public key (.pem file) and what will be the modulus (unsigned char * mod) and exponent (int exp) for any text.Is there any kind of formula to calculate modulus and exponent of the text.
I would like to be able to store all my important details and passwords in such a way that it is encrypted, easy to get the information out and is cross-platform. Basically, I am thinking that if I kick the bucket that I would like to make it as easy as possible for others to be able to access this information using a pre-arranged password.
Ideally I would like the files to contain the program that is needed to extract the data i.e. importantinfoLinux.sh inportantinfoWin.exe (Just like a self-containing zip). I haven't found anything along those lines.
The things I am currently thinking of is:
1) A password database program that is cross-platform like KeePass. WIth the bundle contining the relevant installers for win, linux and OS X and the database file.
2) An AES encrypted zip of the data with relevant programs to open it e.g. 7-zip on windows, peazip on linux and OS X
Has anyone got any thoughts on this? Any self-containing java encryption apps?
I'm trying to backup my old PC games so that I can finally banish their CDs to the attic once and for all. I've just been using the DD command to grab iso's of my games so far, while keeping their keys in a text file (see the DD command below). However, I just hit my C&C collection and I'm having some problems with some of the newer games like Renegade and Yuri's Revenge. I think they must be copy protected or something. 4 of my last discs have stopped copying at exactly 1.7MB (3 seperate DVD drives, 2 IDE, 1 USB enclosed). Can you guys think of anything else that will cause DD to fail at this location? Any ideas? I'd prefer it to be a command line option, as I'm trying to make things go as quickly as possible. Here's the command I've been using. code...
I want to know, how does changes happened in the encrypted password in /etc/shadow file , when user changing password . because user doesnot have access on that file
I have a lot of passwords and keys for FTP and SSH connections that I need to keep. When using the "Passwords and Encryption Keys" the Export menu is sensitive/disabled.
I need to back them up, amongst other things, as I'll be re-partitioning my hard drive which will most likely result in a fresh install of Ubuntu.
I am not very security minded...I'm aware of it, and always made sure I had up-to-date overall protection in Windows but firewalls, and the blasted passwords are largely a thorn in my side!When I got my iPhone last year I suddenly discovered password managers & "wallets" to keep all that kind of information in and syncable across different devices. My life got so much easier. Of course now I need to figure out encryption keys, and how they work (I'm clueless). I also need to find a program or system that I can move my existing low-tech info (mailnly user name & passwords) that will also accomodate the increased needs of Ubuntu security and still be sync-able. I started a little research weeks ago, but my current "wallet" only exports .csv so I quit since I'm going to have to do a lot of data entry whatever I go with.So here goes:
1) what is the difference (bare bones) between using an encryption key (e.k.) vs. a standard user created password? what situations are better suited for e.k.?
2) I have seahorse (default intall with Ubuntu I guess) but the only thing in it is Login under passwords which leads to a login keyring (?) and a drop-down list of about 6-10 of the gazillon passwords I use daily. The other tabs are for keys which I don't have any concept of.
3) I know FF also "remembers" user id & passwords as you choose to have it do so. Is that information transferable into seahorse or another program?
4)I'm also (today) getting ready to really set up my system for user names & security across my little home network. How can I integrate that into whichever program/app I go with to store my pwds and keys?
5)give me links to fairly current documentation on this stuff?
6) Any program/app recommendations.Pros/cons uses, what they can & can't do or be used for, etc.
When I installed Fedora selected the option to encrypt the hard drive. I want to change the passphrase, is there a way to change the passphrase, or do I have to re-install Fedora?
Is there a DE/distro neutral (I guess CLI) method of changing a given user's user ID on a Linux system? I want to set all my systems to have the same UserID so my external hard drive stops giving permission errors when moving between them.
and my current working directory is sub1link, is there a quick way to either: change directory to link source parent (i.e something similar to cd .. but take the user to /dir1/ change directory to link source (i.e switch from /dir2/sub1link/ straight to /dir1/sub1
Its 2 weeks i'm trying to configure freeradius2 on centos5 64bit after installed it from yum.all seems working, but i cant authenticate unix users.after digging in many sites its simply cant find user name and password ( ++[unix] returns notfound )Also how can i paste here all the radiusd -X log lines? i can't find any radius.log file.
I wonder if it is possible to have two passwords for one user account in 9.10. I have a long login password (5 words about 45 characters with spaces caps). I would like to set a shorter password for Authentication, sudo, etc. While retaining the original for logging in.In short:Have long password to login to computer.Have short password for everything after login.
I have a Centos NIS server that is working fine with other linux clients. i need to have a Solaris 8 client bind to the NIS domain and found out that Sol8 does not support MD5 format passwords that the NIS master is generating. so i am trying to disable the MD5 encryption on the nis master and it does not seem to work. i run this command
and it restarts portmap and nis services ok. on the master server i then do a yppasswd username and a make passwd and it still uses the 34 char password format. what do i need to do to disable MD5 passwords in a centos nis server?
I got my FTP up and working but I want to make it secure. If I leave anynomus users turned on it works just fine but I want to have some security over it and don't want anynomus users. No matter How I try and connect to it if I turn off anynomus users it will not let me connect.
A much older version of the program compiled against GTK 1.2 works on CentOS 5.3
A current version of the program, compiled against GTK2, works in Slackware 12.1, 12.2 and 12.3. But I have a failure (see below) in CentOS 5.3.
The GTK library for each dist is libgtk-x11-2.0.so.0.800.20 for Slackware 12.1 libgtk-x11-2.0.so.0.1200.9 for Slackware 12.2 and 12.3 and libgtk-x11-2.0.so.0.1000.4 under CentOS 5.3
I have had the software working on different versions of GTK as well but no longer that that version information available.
(Below) -- I believe I've narrowed it down to the function gtk_entry_set_text in some (but certainly not all) instances.
I could provide details, but I doubt they really matter. My best guess is that libgtk-x11-2.0.so.0.1000.4 is broken. So, I'd like to replace it without learning how to compile gtk from scratch or causing problems with the rest of CentOS.
As I recent convert from Ubuntu to Centos, I have a lot to learn. In Ubuntu, I can plug in a memory stick, run the menu option: System/Adminstration/Partition Manager, highlight the memory stick and choose "Format: Encrypt"
In Centos, my memory stick is /dev/sdc1, how do I, using command line: format it as /ext3, encrypt it using cryptsetup, and set a password?
We have a production web site running apache 2.2.3 across several web servers. we also have a major problem with SPAM comments right now. our method of identifying valid IPs (whether by external clients/customers, or internal personnel) vs SPAM'ers is not ideal - its prone to erroneously labeling legit IP's as targets to be blacklisted.
What we need is.. a way to see how much distinct request traffic is coming from any given IP address to the site in real time (or very near realtime). Essentially we want to see in some graphic/chart way requests per sec to apache / per ip sorted by requests per sec.Would nTop do this? I've only used this in a limited form at a branch office, not on a production web server.
I recently downloaded and installed CentOS 5.3 DVD media.The media check passed. I proceed to install the operating system sucessfully. After installation, all my hardware is recognized, when compared to CentOS 5.2. Anyway, when I attempt to connect to my wireless network that uses either WEP/WPA/WPA2-- I get an error message that I cannot recall (it basically only came up when I entered the key) However, I can connect to my wireless network when it is unencrypted and no open/shared key is needed.I would like to be able to connect to my wireless network when
FYI: I am using a RealTek RTL8185 Wireless Driver.Also, I use CentOS as a workstation.
I am trying CentOS (as a change from openSuse), I have downloaded DVD and have loaded it as a Virtual Machine. So far so good. It did a "quick" install, which leaves me with Gnome as my desktop, I am used to using KDE, so I tried to use "Add/Remove Software" to load KDE. I also want to load other software which I have as RPMs.
Two questions:
1. My VM is not connected to the internet and when I open the package manager it tries to retrieve information from on-line repositories - I have tried disabling on-line repositories. I do not want it to look on-line, so how do I get it to just look at the installation DVD?
We do use kickstart configuration file to customize the CentOS installation. In the partitioning screen, I do see a check box for encryption (encrypting the disk blocks).
I want to remove this checkbox in my kickstart configuration file. What is the option to use to get rid of this checkbox.
