Date:      Sat, 8 Jul 2000 22:55:19 -0700
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        Evren Yurtesen <yurtesen@ispro.net.tr>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: DES 2 MD5
Message-ID:  <20000708225519.A185@dialin-client.earthlink.net>
In-Reply-To: <Pine.BSF.4.21.0007081345010.75320-100000@finland.ispro.net.tr>; from yurtesen@ispro.net.tr on Sat, Jul 08, 2000 at 01:48:11PM +0300
References:  <Pine.BSF.4.21.0007081345010.75320-100000@finland.ispro.net.tr>

On Sat, Jul 08, 2000 at 01:48:11PM +0300, Evren Yurtesen wrote:
> I have been using DES on my system and I have approx 2000 users
> with DES passwords. Is it possible to make the system create the
> new passwords with MD5 only? Unfortunately when I use DES then
> the system recognises the MD5 passwords also but the other way
> around is not working. (well didn't work when I tried last)
> 
> How can I make simple programs like passwd and adduser to create
> these passwords as MD5 even though I use DES? Or should I use
> brute force to find out all passwords and then encrypt them
> again???!?!?

This comes up from time to time and there is presently no easy way to
convert a user who has a DES password to MD5. With the descrypt
libraries, passwd(1) defaults new passwords to DES and will keep a DES
password DES and an MD5 stays MD5. The scrypt library only understands
MD5.

Hacking some kind of switch into passwd(1) so that it will (a) default
new users one way or the other and (b) make all changed passwords move
to one or the other via some switch (/etc/passwd.conf or an entry in
login.conf) would be very useful. Even if the hack is not pretty,
sending in patches with a change-request PR might get things moving.

That said, here is a very ugly, but quick approach:

  (1) User successfully logs in with current DES password.

  (2) User uses your special 'newpasswd' wrapper.

  (3) The newpasswd wrapper puts a dummy entry in master.passwd that
      will trick passwd(1) into thinking the user has an MD5 password.

  (4) The wrapper starts passwd(1) and the user sets a new MD5
      password.

This could be scripted or in C. However, it needs root privs so all of
the caveats about suid scripts and programs are implied.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
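
Added example (not part of the original e-mail and not FreeBSD code): it classifies master.passwd entries as DES or MD5 to show which accounts still need migrating, and builds the step (3) dummy entry on an in-memory copy of the lines. The placeholder `$1$migrate$*`, the function names and the sample entries are assumptions for illustration, as is the premise that passwd(1) recognises an MD5 entry by its `$1$` prefix.

```python
import re

# Traditional DES crypt(3): 2 salt + 11 hash characters, 13 in total.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# Hypothetical step-(3) placeholder: has the "$1$" MD5 marker, but "*" is
# outside the crypt alphabet, so no password can ever match it.
DUMMY_MD5 = "$1$migrate$*"

def scheme(pw_field):
    if pw_field.startswith("$1$"):
        return "md5"
    return "des" if DES_RE.match(pw_field) else "other"  # "*", empty, locked

def parse(line):
    fields = line.split(":")
    if len(fields) != 10:  # master.passwd(5) has ten colon-separated fields
        raise ValueError("malformed entry: %r" % line)
    return fields

def audit(lines):
    """Group login names by the hash scheme of their password field."""
    report = {"des": [], "md5": [], "other": []}
    for line in lines:
        name, pw = parse(line)[:2]
        report[scheme(pw)].append(name)
    return report

def with_dummy(lines, user):
    """Return (new_lines, saved_hash); only `user`'s DES hash is swapped."""
    out, saved = [], None
    for line in lines:
        fields = parse(line)
        if fields[0] == user:
            if scheme(fields[1]) != "des":
                raise ValueError("%s has no DES hash to migrate" % user)
            saved, fields[1] = fields[1], DUMMY_MD5
        out.append(":".join(fields))
    if saved is None:
        raise KeyError(user)
    return out, saved  # keep saved_hash to restore if passwd(1) is aborted

# Constructed sample entries (not real hashes).
SAMPLE = [
    "root:$1$abcdefgh$0123456789abcdefghijkl:0:0::0:0:Charlie &:/root:/bin/csh",
    "daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin",
    "alice:abCDEFGHIJKLM:1001:1001::0:0:Alice:/home/alice:/bin/sh",
    "bob:xy0123456789A:1002:1002::0:0:Bob:/home/bob:/bin/sh",
]
```

Because the wrapper discards the user's working hash in step (3), the saved value is what lets it put the account back if passwd(1) exits without setting a new password.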
