SUMMARY: Solaris 9 /etc/shadow file, MD5 problem.

From: Stanley Laufer <slaufer_at_slis.sjsu.edu>
Date: Mon Jan 31 2005 - 20:32:44 EST
Hi All,

Thank you, thank you to all who replied, since a number
of the suggestions led me in the right direction.

The consensus was that the $ indicated that the password
was encrypted using a newer encryption algorithm (most likely
MD5).

Although interestingly, the problematic /etc/shadow passwords
only had a "$1" at the beginning, instead of "$1$".

"$1$" appears to be the more common way to denote that the
entry is in MD5 encryption.  So, I'm not sure what that's
all about.

In any case, I eventually had the thought that perhaps a
recent patch had "broken" MD5.  After all, some of these MD5
passwords have been around for many months, and we have never
before had a problem.

So, on that hunch, I tracked down patch 112874-30 and uninstalled
it, and lo and behold, the MD5 password problem went away.

Several of you also indicated that I could force Sol 9 to
only use the standard UNIX DES encryption by removing MD5,
Blowfish, and Sun MD5 from CRYPT_ALGORITHMS_ALLOW in policy.conf.

I'll keep that on the back burner in case we decide to go
one way or the other (completely back to DES or completely
forward to MD5 or Blowfish).

The bottom line is that I should have done my homework when
Solaris 9 came out.  I did not realize that support for
additional encryption algorithms had been added.

Thanks again for all of your responses.  This forum has
been quite helpful over the years, and I'm sure it will
remain so for years to come.


Stanley E. Laufer
Network Administrator
School of Library and Information Science
San Jose State University
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Mon Jan 31 20:33:21 2005

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:43 EST