These are archived pages, most of them date back to 2007-2012. This content might not be relevant or accurate anymore.

Hashing passwords with Blowfish

These instructions apply to Debian but should be similar on other distributions.

First, you need a PAM module capable of Blowfish hashing. Install libpam-unix2:

apt-get install libpam-unix2

Then change PAM configuration in /etc/pam.d:

  • in /etc/pam.d/common-account change:

account required pam_unix.so

to:

account required        pam_unix2.so

  • in /etc/pam.d/common-auth change:

auth required pam_unix.so nullok_secure

to:

auth    required        pam_unix2.so nullok

  • in /etc/pam.d/common-password change:

password required pam_unix.so nullok obscure min=4 max=8 md5

to:

password   required   pam_unix2.so nullok obscure min=4 max=8 blowfish

  • in /etc/pam.d/common-session change:

session required pam_unix.so

to:

session required        pam_unix2.so

⚠️ This is a basic configuration. If you have a custom configuration (e.g. for a fingerprint reader or on some servers), don’t forget to change it accordingly.

From now on passwords will be hashed with Blowfish. Run passwd to rehash your password. Existing passwords are still valid.
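
Because existing passwords stay valid, their old hashes remain in /etc/shadow until each user runs passwd. The script below is an added example, not part of the original page: it classifies shadow entries by the prefix of the password field ($2a$ and its variants for Blowfish, $1$ for MD5). The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the hash scheme of each entry in shadow-format input.
# Function names and sample data are constructed for illustration.

# Constructed sample entries; the hash strings are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
alice:$2a$05$CONSTRUCTEDsaltCONSTRUCTEDhashPLACEHOLDERxxxxxxxxxxxxx:15000:0:99999:7:::
bob:$1$CONSTRUC$PLACEHOLDERhashxxxxxxx:14000:0:99999:7:::
carol::15000:0:99999:7:::
daemon:*:13000:0:99999:7:::
EOF
}

# Read /etc/shadow-format lines on stdin, print "user scheme" per line.
hash_schemes() {
    awk -F: '
        $2 == ""              { print $1, "empty";    next }  # allowed by nullok
        $2 ~ /^[!*]/          { print $1, "locked";   next }
        $2 ~ /^\$2[abxy]?\$/  { print $1, "blowfish"; next }
        $2 ~ /^\$1\$/         { print $1, "md5";      next }
        $2 ~ /^\$5\$/         { print $1, "sha256";   next }
        $2 ~ /^\$6\$/         { print $1, "sha512";   next }
        $2 !~ /^\$/ && length($2) == 13 { print $1, "des"; next }
                              { print $1, "unknown" }
    '
}

# Users who have a password hash that is not Blowfish yet (must run passwd).
needs_rehash() {
    hash_schemes | awk '$2 != "blowfish" && $2 != "empty" && $2 != "locked" { print $1 }'
}

# Demo on the constructed sample; on a real system run as root:
#   hash_schemes < /etc/shadow
sample_shadow | hash_schemes
```

Accounts reported as "empty" have no password at all; the nullok option in the configuration above lets them log in.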

disorder's homepage