Re: /etc/shadow password hash format (migration from SuSE 9.3 to Debian Wheezy)
On Tue, 28 May 2013, Andreas Meile wrote: I tried that out on a lab system where I replaced pam_unix.so into pam_unix2.so inside both common-auth and common-password config files. Result: The system nows recognizes all $2a$ (Blowfish) password hashes but does not longer accepts $6$ (SHA-512) password now. Use both at the same time to check credentials, and only pam_unix to change credentials (to migrate to sha-512 over time). But be very careful on how you stack them, or you will create a nasty security hole. I strongly suggest you do a very through reading of the PAM documentation before you attempt this. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130531011850.ga32...@khazad-dum.debian.net
Re: /etc/shadow password hash format (migration from SuSE 9.3 to Debian Wheezy)
Hello Recoverym4n Thanks for your hint. - Original Message - From: recovery...@gmail.com To: debian-user@lists.debian.org Sent: Monday, May 27, 2013 7:40 PM Subject: Re: /etc/shadow password hash format (migration from SuSE 9.3 to Debian Wheezy) Install 'libpam-unix2' package. Configure PAM as outlined in /usr/share/doc/libpam-unix2/README.Debian. It is that simple. I tried that out on a lab system where I replaced pam_unix.so into pam_unix2.so inside both common-auth and common-password config files. Result: The system nows recognizes all $2a$ (Blowfish) password hashes but does not longer accepts $6$ (SHA-512) password now. In the meantime, I migrated several user accounts to $6$ (SHA-512) hashes using passwd to setting new passwords so there's a $6$/$2a$ mixture in /etc/shadow now. So what I actually need is a way that $6$ hashes are ok for any created new user account as well as invoked passwd command (=setting passwords always as $6$) but the authentication must accept both $2a$ and $6$, i.e. must be able to deal with a mixed /etc/shadow database. So existing user still can login with their $2a$ Blowfish hash while all my new users use a $6$ SHA-512 hash. So I think a configuration rule to use pam_unix.so and pam_unix2.so simultaneously will help. Andreas -- Teste die PC-Sicherheit mit www.sec-check.net -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/edb958b5aba84ba1aa76af5a278e9...@meilebiz.loc
/etc/shadow password hash format (migration from SuSE 9.3 to Debian Wheezy)
Hello Debian users I recently migrated an old SuSE Linux 9.3 box to Debian 7 Wheezy. There I backuped the /etc/shadow file to import the existing passwords from my users to the new Debian environment using a vipw -s command as part of the migration. Result: Classic UNIX hashes (format [0-9A-Za-z]{13}) still work but those hashs beginning with $2a$10$ don't. When resetting the user's password using passwd as root, the new hashes begin with $6$. Questions: - Is there a good overview WWW link about all these $Version$[Subversion?$] formats? - Is there a special Debian package or system configuration parameter where I can enable using older hash formats (but passwd still can set changes into the new $6$ format) or is setting a new password to every affected user the only way? Thanks in advance. Andreas -- Teste die PC-Sicherheit mit www.sec-check.net -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e77a0727989c4fc1946f0dc9e59ab...@meilebiz.loc
Re: /etc/shadow password hash format (migration from SuSE 9.3 to Debian Wheezy)
Andreas Meile mailingli...@andreas-meile.ch asked about /etc/shadow: Is there a good overview WWW link about all these $Version$[Subversion?$] formats? man shadow says of the encrypted password field, Refer to crypt(3) for details on how this string is interpreted. man 3 crypt contains a NOTES section that identifies the ID and describes its format. Specifically, $6$salt$encrypted is SHA-512. Chris -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/ul1c7ax19h@news.roaima.co.uk
Re: /etc/shadow password hash format (migration from SuSE 9.3 to Debian Wheezy)
Hello Chris - Original Message - From: Chris Davies ch...@roaima.co.uk To: debian-user@lists.debian.org Sent: Monday, May 27, 2013 2:54 PM Subject: Re: /etc/shadow password hash format (migration from SuSE 9.3 to Debian Wheezy) man 3 crypt contains a NOTES section that identifies the ID and describes its format. Specifically, $6$salt$encrypted is SHA-512. Thanks for the hint. Already done: ID | Method - 1 | MD5 2a | Blowfish (not in mainline glibc; added in some | Linux distributions) 5 | SHA-256 (since glibc 2.7) 6 | SHA-512 (since glibc 2.7) So this lights out the situation: While SuSE 9.3 used Blowfish as extended password encryption method, Debian Wheezy uses SHA-512 for that. A short view inside older Linux boxes: Squeeze also uses SHA-512, and Lenny uses MD5 according this table. A apt-cache search blowfish shows me a lot of Blowfish related packages. So is there one on it which extends the login authentication routine also to process Blowfish hashes in /etc/shadow or is that a much more complicate procedure (compiling a new kernel for example)? Andreas -- Teste die PC-Sicherheit mit www.sec-check.net -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/f1a5ebde1a764a27949818853efe8...@meilebiz.loc
Re: /etc/shadow password hash format (migration from SuSE 9.3 to Debian Wheezy)
On 05/27/2013 04:23 PM, Andreas Meile wrote: Hello Chris - Original Message - From: Chris Davies ch...@roaima.co.uk To: debian-user@lists.debian.org Sent: Monday, May 27, 2013 2:54 PM Subject: Re: /etc/shadow password hash format (migration from SuSE 9.3 to Debian Wheezy) man 3 crypt contains a NOTES section that identifies the ID and describes its format. Specifically, $6$salt$encrypted is SHA-512. Thanks for the hint. Already done: ID | Method - 1 | MD5 2a | Blowfish (not in mainline glibc; added in some | Linux distributions) 5 | SHA-256 (since glibc 2.7) 6 | SHA-512 (since glibc 2.7) So this lights out the situation: While SuSE 9.3 used Blowfish as extended password encryption method, Debian Wheezy uses SHA-512 for that. A short view inside older Linux boxes: Squeeze also uses SHA-512, and Lenny uses MD5 according this table. A apt-cache search blowfish shows me a lot of Blowfish related packages. So is there one on it which extends the login authentication routine also to process Blowfish hashes in /etc/shadow or is that a much more complicate procedure (compiling a new kernel for example)? Andreas Hi Andreas, I think man login.defs will bring some light on the problem. Regards, Alex -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/51a377f3.8030...@biotec.tu-dresden.de
Re: /etc/shadow password hash format (migration from SuSE 9.3 to Debian Wheezy)
On Mon, 27 May 2013 16:23:20 +0200 Andreas Meile mailingli...@andreas-meile.ch wrote: A apt-cache search blowfish shows me a lot of Blowfish related packages. So is there one on it which extends the login authentication routine also to process Blowfish hashes in /etc/shadow or is that a much more complicate procedure (compiling a new kernel for example)? Hi. Install 'libpam-unix2' package. Configure PAM as outlined in /usr/share/doc/libpam-unix2/README.Debian. It is that simple. PS Did you ever considered using a real e-mail client? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130527214000.fb529b7f01f0bc8ccbe26...@gmail.com
shadow password
Bonjour, Je viens d'installer un nouveau système woody, et il y a eu un cafouillage inexplicable qui ne m'a pas permis d'indiquer que j'allais utiliser les shadow password et md5. J'ai repris ensuite l'installation et tout est ok, sauf que le mot de passe crypté se retrouve dans /etc/passwd. J'ai créé à la main le fichier /etc/shadow (utilisateur root, groupe shadow). Le groupe shadow existe bien. Dans /etc/pam.d/passwd j'ai corrigé la ligne passwd:password required pam_unix.so nullok obscure min=4 max=8 md5. Malgré cela, lorsque je corrige le mot de passe d'un utilisateur avec la commande passwd, celui-ci ne passe pas dans /etc/shadow mais reste dans /etc/passwd même si je mets avant à blanc son mot de passe dans /etc/passwd. A priori le module pam_unix.so détecte et utilise automatiquement les mots de passe masqués stockés dans /etc/shadow afin d'authentifier les utilisateurs. Est-ce que j'ai oublié quelquechose ? Pouvez-vous m'aider ? -- - Bertrand Lemaitre ISTIA Université d'Angers 62 Av Notre Dame du Lac , 49000 Angers -
Re: shadow password
* Bertrand lemaitre [EMAIL PROTECTED] [2003-05-06 11:41] : Bonjour, Je viens d'installer un nouveau système woody, et il y a eu un cafouillage inexplicable qui ne m'a pas permis d'indiquer que j'allais utiliser les shadow password et md5. J'ai repris ensuite l'installation et tout est ok, sauf que le mot de passe crypté se retrouve dans /etc/passwd. J'ai créé à la main le fichier /etc/shadow (utilisateur root, groupe shadow). Le groupe shadow existe bien. Dans /etc/pam.d/passwd j'ai corrigé la ligne passwd:password required pam_unix.so nullok obscure min=4 max=8 md5. Malgré cela, lorsque je corrige le mot de passe d'un utilisateur avec la commande passwd, celui-ci ne passe pas dans /etc/shadow mais reste dans /etc/passwd même si je mets avant à blanc son mot de passe dans /etc/passwd. A priori le module pam_unix.so détecte et utilise automatiquement les mots de passe masqués stockés dans /etc/shadow afin d'authentifier les utilisateurs. Est-ce que j'ai oublié quelquechose ? D'activer les mots de passe shadow avec shadowconfig on ? Et peut-être de convertir les anciens mots de passe avec pwconv ... Fred -- LA FAQ d-u-f ? http://savannah.nongnu.org/download/debfr-faq/html/
Re: shadow password
Le mar 06/05/2003 à 11:41, Bertrand lemaitre a écrit : Bonjour, Je viens d'installer un nouveau système woody, et il y a eu un cafouillage inexplicable qui ne m'a pas permis d'indiquer que j'allais utiliser les shadow password et md5. J'ai repris ensuite l'installation et tout est ok, sauf que le mot de passe crypté se retrouve dans /etc/passwd. J'ai créé à la main le fichier /etc/shadow (utilisateur root, groupe shadow). Le groupe shadow existe bien. Dans /etc/pam.d/passwd j'ai corrigé la ligne passwd:password required pam_unix.so nullok obscure min=4 max=8 md5. Malgré cela, lorsque je corrige le mot de passe d'un utilisateur avec la commande passwd, celui-ci ne passe pas dans /etc/shadow mais reste dans /etc/passwd même si je mets avant à blanc son mot de passe dans /etc/passwd. A priori le module pam_unix.so détecte et utilise automatiquement les mots de passe masqués stockés dans /etc/shadow afin d'authentifier les utilisateurs. Est-ce que j'ai oublié quelquechose ? Pouvez-vous m'aider ? -- - Bertrand Lemaitre ISTIA Université d'Angers 62 Av Notre Dame du Lac , 49000 Angers - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] J'ai tenté une manipulation qui a visiblement décoincé le problème. 1- création d'un utilisateur bidon par adduser. 2- après avoir vérifié que cet utilisateur avait son mot de passe généré dans /etc/shadow, j'ai remis à blanc le mot de passe d'un autre utilisateur présent dans /etc/passwd; et ai créé une ligne pour lui dans /etc/shadow 3- j'ai changé le mot de passe de cet autre utilisateur, et là, par chance il l'a corrigé dans /etc/shadow et non pas remis dans /etc/passwd C'est comme si adduser avait décoincé /etc/shadow. Merci à ceux qui m'ont aidé. -- - Bertrand Lemaitre ISTIA Université d'Angers 62 Av Notre Dame du Lac , 49000 Angers -
Passwords, Shadow Password and Samba Passwords
I am trying to set up Samba to share a printer on my network. I am using Potato 2.2r2. I can see the Linux computer from Win98 but cannot enter the required password. I notice from /var/log/samba that there is a problem with no /etc/samba/smbpasswd entry for user 'default'. There is no /etc/samba/smbpasswd and this was an option from sambaconfig. I have read that the problem may be that Samba is not complied for shadow passwords? I believe I chose these when originally installing potato. I do not know how to create /etc/samba/smbpasswd. The command smbpasswd reports an error on any password for any user. Even the user 'default' that I created. It does create an /etc/samba/smbpasswd but with just a header comment that does not show the requuired format. Any clues to where I am going wrong? Paul Clark
Re: Passwords, Shadow Password and Samba Passwords
A few month ago I had the same problem, and a lot of people here solved all my doubts... there are the abstract of the 'Samba Passwords Amazing History': Situation: 1. Samba allows the use of PAM (aka shadow passwords if you configure it) and authentification through smbpasswd. 2. Win98 by default, only allows encripted authentification 3. Encripted authentification only can be done under samba using smbpasswd, 'cos the encription mechanism is diferent between Windows and Un*xes, and samba uses the same mechanism as Windows in his smbpasswd file. Solution: 1. You can add users using the command smbpasswd, that creates the smbpasswd file, and then use the option 'encrypt passwords = yes' into the smb.conf file. 2. You can disable the encripted authentification from Win98 updating a parameter into Windows Registry (into Samba.org's ftp you can found a Win98_PlainPassword.reg file that does it), and then selecting the 'encrypt passwords = no' option. Before it the samba daemon will use the PAM system to authentificate users, as any other service. This option sends the passwords in plain text, but the mechanism from Windows isn't secure, 'cos you send a hashed password that is the same every time... Well, If you have any problem I can send you more detailed instructions off-the-list, and I can send you the registry file. Bye, and Good Luck! On Mon, 5 Feb 2001, Paul Clark wrote: I am trying to set up Samba to share a printer on my network. I am using Potato 2.2r2. I can see the Linux computer from Win98 but cannot enter the required password. I notice from /var/log/samba that there is a problem with no /etc/samba/smbpasswd entry for user 'default'. There is no /etc/samba/smbpasswd and this was an option from sambaconfig. I have read that the problem may be that Samba is not complied for shadow passwords? I believe I chose these when originally installing potato. I do not know how to create /etc/samba/smbpasswd. The command smbpasswd reports an error on any password for any user. Even the user 'default' that I created. It does create an /etc/samba/smbpasswd but with just a header comment that does not show the requuired format. Any clues to where I am going wrong? Paul Clark -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] _ Josep Llauradó Selvas [EMAIL PROTECTED] Linux Registered User #153481 KeyFP: D82F 525C DD22 02C9 6909 20D6 F622 F3E8 18CD C548 The only intuitive interface is the nipple. After that, it's all learned. (in comp.os.linux.misc, on X interfaces.) _
Re: crypt() isn't generating a valid md5/shadow password
On Wed, Oct 18, 2000 at 11:33:17PM -0400, Chris Gray wrote: On Wed, Oct 18, 2000 at 11:04:32PM -0400, Chris Gray wrote: On Wed, Oct 18, 2000 at 04:48:16PM -0700, Peter Jay Salzman wrote: sorry, but i'm trying to write some tools for beowulf administration. consider the program: printf(Usage: encrypt salt password\n); strncpy(password, crypt(argv[1], salt), 49); argv[1] is the salt, not the password. Try fixing this and see what happens. Replying to myself, the crypt(3) man page also states The returned value points to the encrypted password, a series of 13 printable ASCII characters (the first two characters represent the salt itself) So it makes sense that the salt should start out the password. Yes, the purpose of the salt is to break dictionaries. (ie, the knowledge that 'foo' always encrypts to 'xyzzy', to mix magic words). 'foo' can encrypt to '17xyzzy' or '23bar' or lots of other things (an obscenely large number of other things with MD5: the two-character rule is for the mutated DES of old crypt()). Knowledge of the salt doesn't give you anything useful unless you -happen- to have a dictionary for that salt... not bloody likely with an 8 character random string. (It shouldn't be '12345678', though: it should be random, or two users with the same password will encrypt the same.) -- CueCat decoder .signature by Larry Wall: #!/usr/bin/perl -n printf Serial: %s Type: %s Code: %s\n, map { tr/a-zA-Z0-9+-/ -_/; $_ = unpack 'u', chr(32 + length()*3/4) . $_; s/\0+$//; $_ ^= C x length; } /\.([^.]+)/g;
crypt() isn't generating a valid md5/shadow password
sorry, but i'm trying to write some tools for beowulf administration. consider the program: #includestdio.h #includestring.h #includecrypt.h int main(int argc, char **argv) { char password[50]; char salt[50]; if (argc != 3) { printf(Usage: encrypt salt password\n\n); exit(1); } else if (strlen(argv[1]) != 8) { printf(Usage: encrypt salt password\n); printf(The salt must have 8 characters.\n\n); exit(1); } else if (strlen(argv[2]) 5 || strlen(argv[2]) 10) { printf(Usage: encrypt salt password\n); printf(The password must be 5-10 characters.\n\n); exit(1); } strncpy(salt, $1$, 3); strncat(salt, argv[1], 46); strncpy(password, crypt(argv[1], salt), 49); printf(%s\n, password); return(0); } here's an example: # ./a.out 12345678 mypassword $1$12345678$f8QoJuo0DpBRfQSD0vglc1 this is suspicious to begin with. the salt appears in the encrypted password?ok, whatever. i put it in /etc/shadow and try to log in using a password of mypassword $ su testuser Password: su: incorrect password i typed in the password correctly. i was hoping this would give me something i could use for /etc/shadow to create a new user. what's going on with the password? why isn't it working? pete
Re: crypt() isn't generating a valid md5/shadow password
On Wed, Oct 18, 2000 at 04:48:16PM -0700, Peter Jay Salzman wrote: sorry, but i'm trying to write some tools for beowulf administration. consider the program: printf(Usage: encrypt salt password\n); strncpy(password, crypt(argv[1], salt), 49); argv[1] is the salt, not the password. Try fixing this and see what happens. Cheers, Chris -- It is much easier to be critical than to be correct. -- Benjamin Disraeli
Re: crypt() isn't generating a valid md5/shadow password
On Wed, Oct 18, 2000 at 11:04:32PM -0400, Chris Gray wrote: On Wed, Oct 18, 2000 at 04:48:16PM -0700, Peter Jay Salzman wrote: sorry, but i'm trying to write some tools for beowulf administration. consider the program: printf(Usage: encrypt salt password\n); strncpy(password, crypt(argv[1], salt), 49); argv[1] is the salt, not the password. Try fixing this and see what happens. Replying to myself, the crypt(3) man page also states The returned value points to the encrypted password, a series of 13 printable ASCII characters (the first two characters represent the salt itself) So it makes sense that the salt should start out the password. Cheers, Chris -- It is much easier to be critical than to be correct. -- Benjamin Disraeli
how to turn on shadow password
When I installed hamm 2.0, at first, I choose to turn off shadow password system. Now I want to turn on the shadow password system. How do I do it? Thanks Anthony -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: how to turn on shadow password
On Sun, 26 Jul 1998, Cheng Dien Yiu Anthony wrote: : When I installed hamm 2.0, at first, I choose to turn off shadow password : system. Now I want to turn on the shadow password system. How do I do it? Type 'shadowconfig on' as root. -Remco -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Shadow Password
Saludos, en mi sistema tengo istalada la shadow password. Cómo funciona la relación entre el /etc/passwd y el /etc/shadow? Es decir como se relacioan los campos de cada archivo. Hasta pronto, J. Parera -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
problem for qpopper2.4 with shadow password
I want to compile qpopper2.4 with the shadow passwords. The INSTALL file explain that i have to define a AUTH variable in the Makefile but at the compile there is a error, in pop_pass.c ,with pw_encrypt -- Julien Ortega -- EXTERN e-mail: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
shadow password
what is the advantage comparing to dis in shadowing password? kusuma
shadow password support
I have just upgraded a system from 1.1 + shadow password packages to 1.2. Unfortunately it converted my shadow system to a non shadow system (BUG: it also left /etc/password readable by root only). I'm just wondering what is the current shadow support in debian 1.2? And what are the plans for full shadow support? -- Bernard LeachAustralian Business Access Pty Ltd. [EMAIL PROTECTED] http://www.aba.net.au/ -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
Re: shadow password support
There are shadow packages in project/experimental. We plan authentication support (not just shadow) for 1.3 . Thanks Bruce -- Bruce Perens K6BP [EMAIL PROTECTED] Finger [EMAIL PROTECTED] for PGP public key. PGP fingerprint = 88 6A 15 D0 65 D4 A3 A6 1F 89 6A 76 95 24 87 B3 -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
Re: shadow password
root:x:0:root,your loginname ... I don't like that. It seems unsafe to me. There's gotta be a better solution Currently, I am putting in special users in /etc/suauth but I only know the syntax for making su ask for the current users passwd, and not root's. Would like to prompt it to ask for root's password. Workaround anyone? Roger Endo yep, its safer to but the usernames in suauth looks like (file /etc/suauth): root:ALL EXCEPT login1,login2:DENY or root:ALL EXCEPT login1,login2,GROUP root:DENY watch out! keyword GROUP let the parser know that all words behind GROUP are group names - only the : escapes. the examples let the users login1 and login2 and all users in group root (2nd examp.) to get root access by enter the roots password, all others will receive the message access denied. root:login1:NOPASS root:login2:OWNPASS root:ALL EXCEPT login3:DENY let the user login1 get root access without passwd the user login2 have to put in his own passwd and the user login3 have to use the root passwd all other user cant get in so if you want the users login1 login2 and login3 to be promted for the root password you use: root:ALL EXCEPT login1,login2,login3:DENY hope that helps ciao Helmuth (irc: Pvppet) __Blasch Helmuth,Graz University of Technology, Austria \/ Computing and Information Services Center L\in/uX Steyrergasse 30/Parterre (CE04), 8010 Graz, Austria \/ Email: [EMAIL PROTECTED] Tel.: + 43 316 873 6883 (FAX 7699) -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] OK to chmod 640 suauth? What other files in the debian distribution in /etc can be made more unreadable by the world? Seems like a shell user can learn a lot by snooping around in /etc (i.e hosts.deny, hosts.allow) Thanks, Roger -- ~~ Roger Endo President, Warp 9 Technologies LLC SBnet, Internet for Santa Barbara [EMAIL PROTECTED] 805-961-0150 ~~ -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
shadow password
I recently intsalled the shadow password packages to my system, everything seems to be going well accept for one minor hassle, my normal account cant become super-user. When i try i get the message that i do not have permission to do so. How do i get the permission? thanks:) Sahua, - mIcHaEl ///\ The Australian Internet Company c-00 ISP par Excellence \http://www.electric-rain.net/ (mine) |\_- http://www.aic.net.au/ (not mine) \ / . On the Plains of Hesitation bleach the bones of countless millions who, at the dawn of victory, sat down to wait and waiting died. -G.W Cecil/Adlai Stevenson. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
Re: shadow password
On Tue, 26 Nov 1996, Fundamental wrote: I recently intsalled the shadow password packages to my system, everything seems to be going well accept for one minor hassle, my normal account cant become super-user. When i try i get the message that i do not have permission to do so. How do i get the permission? you have to be in group root file group: root:x:0:root,your loginname ... ... ... thanks:) Sahua, - mIcHaEl ciao Helmuth (irc: Pvppet) __Blasch Helmuth,Graz University of Technology, Austria \/ Computing and Information Services Center L\in/uX Steyrergasse 30/Parterre (CE04), 8010 Graz, Austria \/ Email: [EMAIL PROTECTED] Tel.: + 43 316 873 6883 (FAX 7699) -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
Re: shadow password
-BEGIN PGP SIGNED MESSAGE- r u in the wheel group? /ayn On Tue, 26 Nov 1996, Fundamental wrote: I recently intsalled the shadow password packages to my system, everything seems to be going well accept for one minor hassle, my normal account cant become super-user. When i try i get the message that i do not have permission to do so. How do i get the permission? -BEGIN PGP SIGNATURE- Version: 2.6.2 iQCVAwUBMppbjZ6qvWJYgw1hAQEkIwQAhmKcdjSjAlzQf6U1MpH7XrmHYjNmrkYc 5FYyE0oN6w5gLG1519sDU94LW5NLeg/7M5k6UgWwLb8VyLZtu9KHeblIGaY36FJ2 5wZsL6TaXQEr9debDLtOydW5sbesUv54p0BsMiiV8ZHSZLYLbVS6toi5MDkyFocK 0pAa529J0xM= =x20F -END PGP SIGNATURE- -- Andrew Y Ng [EMAIL PROTECTED] http://andrew.Ngbert.org Carnegie Mellon University; ECE major, Music minor campus ph: 412/862-2836; voice mail: 412/268-6700 x30027 talk: finger [EMAIL PROTECTED] for online status. finger [EMAIL PROTECTED] for more info, such as my public key, geekcode, snail address, etc. NGBERT! http://www.Ngbert.org -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
Re: shadow password
On Mon, 25 Nov 1996, Roger Endo wrote: On Tue, 26 Nov 1996, Fundamental wrote: I recently intsalled the shadow password packages to my system, everything seems to be going well accept for one minor hassle, my normal account cant become super-user. When i try i get the message that i do not have permission to do so. How do i get the permission? you have to be in group root file group: root:x:0:root,your loginname ... I don't like that. It seems unsafe to me. There's gotta be a better solution Currently, I am putting in special users in /etc/suauth but I only know the syntax for making su ask for the current users passwd, and not root's. Would like to prompt it to ask for root's password. Workaround anyone? Roger Endo yep, its safer to but the usernames in suauth looks like (file /etc/suauth): root:ALL EXCEPT login1,login2:DENY or root:ALL EXCEPT login1,login2,GROUP root:DENY watch out! keyword GROUP let the parser know that all words behind GROUP are group names - only the : escapes. the examples let the users login1 and login2 and all users in group root (2nd examp.) to get root access by enter the roots password, all others will receive the message access denied. root:login1:NOPASS root:login2:OWNPASS root:ALL EXCEPT login3:DENY let the user login1 get root access without passwd the user login2 have to put in his own passwd and the user login3 have to use the root passwd all other user cant get in so if you want the users login1 login2 and login3 to be promted for the root password you use: root:ALL EXCEPT login1,login2,login3:DENY hope that helps ciao Helmuth (irc: Pvppet) __Blasch Helmuth,Graz University of Technology, Austria \/ Computing and Information Services Center L\in/uX Steyrergasse 30/Parterre (CE04), 8010 Graz, Austria \/ Email: [EMAIL PROTECTED] Tel.: + 43 316 873 6883 (FAX 7699) -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
Shadow Password Suite
Has anyone debianized the shadow password suite? | This is OFFICIAL *WRITTEN* notification that I want to be *REMOVED* | | from *ALL* of your mailing lists. *EVERY* message sent from this | | account has had this request posted. ALL UNSOLICITED ADVERTISEMENTS | | SENT TO THIS ACCOUNT ARE IN VIOLATION OF FEDERAL (U.S.) LAW.| -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
RE: shadow password
In reply to the honourable '[EMAIL PROTECTED]' who said: Im sick of solaris x86, we want to migrate or user machine from solaris x86 to debian. The only problem is, i dont want to have to convert 500 passwd/shadow entries into debian passwd entries. Can debian (a package perhaps?) handle shadow? and is the solris encryption the same as the debian? im using debian v2.0.23 with shadow passwords and opie on top of that, no problems here running debian and shadow, except for one small glitch that sometimes happens. if you run pwconv it creates a new /etc/npasswd file with 600 mode, just change it to 644 after renaming it. -- +--+---+ | Software Engineer - C++ and SQL | email: [EMAIL PROTECTED] | +--+---| -- This message was distributed manually by [EMAIL PROTECTED] after the list initially failed to distribute it.
shadow password
*argh* Im sick of solaris x86, we want to migrate or user machine from solaris x86 to debian. The only problem is, i dont want to have to convert 500 passwd/shadow entries into debian passwd entries. Can debian (a package perhaps?) handle shadow? and is the solris encryption the same as the debian? thanks, your help much appreciated:) Sahua, - mIcHaEl ///\ The Australian Internet Company c-00 ISP par Excellence \http://www.electric-rain.net/ (mine) |\_- http://www.aic.net.au/ (not mine) \ / . On the Plains of Hesitation bleach the bones of countless millions who, at the dawn of victory, sat down to wait and waiting died. -G.W Cecil/Adlai Stevenson. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
Re: shadow password
Enough packages have been built with shadow passwords so that you can run them. They are available in the project/experimental directory on our FTP archive. The encryption should be the same. Thanks Bruce -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]