[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Shadow Passwords
- Subject: Re: [cobalt-security] Shadow Passwords
- From: Ake Brannstrom <ake@xxxxxxxxxxx>
- Date: Thu, 2 Aug 2001 17:58:25 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Monday 30 July 2001 23:38, you wrote:
> to date. We also have not kept password change records in the past.
> Although this may be considered "bad" administration by some, we have not
> had reason to regret this policy till now (Famous last words?).
I consider it to be good administration.
> Our problem is that the Cobalt OS seems to encrypt passwords differently
> than on the RedHat 6.0 system. For example when moving accounts from
> Redhat6.0 to FreeBSD servers we could simply cut and paste the shadow line
> and it would work. Does anyone have a suggestion on what we can do to
> solve this issue, or am I up the creek without a decrypted paddle.
Most likely, the Cobalt box uses MD5 encryption instead of the weaker
DES-based crypt. Most such implementations allows for both MD5 and DES. I
suggest you just try to cut and paste one password. Have you tried this?
Sincerely,
Ake Brannstrom