[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Shadow Passwords

Subject: Re: [cobalt-security] Shadow Passwords
From: Ake Brannstrom <ake@xxxxxxxxxxx>
Date: Thu, 2 Aug 2001 17:58:25 +0200
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Monday 30 July 2001 23:38, you wrote:

> to date.  We also have not kept password change records in the past. 
> Although this may be considered "bad" administration by some, we have not
> had reason to regret this policy till now (Famous last words?).

I consider it to be good administration. 

> Our problem is that the Cobalt OS seems to encrypt passwords differently
> than on the RedHat 6.0 system.  For example when moving accounts from
> Redhat6.0 to FreeBSD servers we could simply cut and paste the shadow line
> and it would work.  Does anyone have a suggestion on what we can do to
> solve this issue, or am I up the creek without a decrypted paddle.

Most likely, the Cobalt box uses MD5 encryption instead of the weaker 
DES-based crypt.  Most such implementations allows for both MD5 and DES. I 
suggest you just try to cut and paste one password. Have you tried this?

Sincerely, 
Ake Brannstrom

References:
- [cobalt-security] Shadow Passwords
  - From: cobalt

Prev by Date: Re: [cobalt-security] SFTP on Raq4 as Root?
Next by Date: Re: [cobalt-security] SFTP on Raq4 as Root?
Previous by thread: Re: [cobalt-security] Shadow Passwords
Next by thread: [cobalt-security] Force Pkg install

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index