This page was edited more than a year ago (2007-08-27), content might not be relevant or accurate anymore.

Hashing passwords with Blowfish

Instructions applies to Debian but should be similar on other distributions.

Firstly you need to install PAM module capable of Blowfish, install libpam-unix2:

apt-get install libpam-unix2

Then change PAM configuration in /etc/pam.d:

  • in /etc/pam.d/common-account change:
account required        pam_unix.so

to:

account required        pam_unix2.so
  • in /etc/pam.d/common-auth change:
auth    required        pam_unix.so nullok_secure

to:

auth    required        pam_unix2.so nullok
  • in /etc/pam.d/common-password change:
password   required   pam_unix.so nullok obscure min=4 max=8 md5

to:

password   required   pam_unix2.so nullok obscure min=4 max=8 blowfish
  • in /etc/pam.d/common-session change:
session required        pam_unix.so

to:

session required        pam_unix2.so

:!: This is basic configuration, if you have custom configuration (e.g. for fingerprint reader or some servers) don't forget to change it accordingly.

From now on passwords will be hashed with blowfish, run passwd to rehash your password. Existing passwords are still valid.

 
Back to top
howto/hashing_passwords_with_blowfish.txt · Last modified: 2007/08/27 01:16 by disorder
 
 
disorder's homepage Valid CSS Valid XHTML 1.0 Recent changes RSS feed