MD5 Support

Andrew Pollock andrew-fai at andrew.net.au
Fri Feb 7 06:06:49 CET 2003


Hi,

I didn't realise that shadow passwords had crept into the equation as 
well. I turn them on by going:

chroot $target shadowconfig on

in one of the scripts, I use DEFAULT/S30

Andrew

On Fri, Feb 07, 2003 at 10:16:09AM +1100, senaque at thepla.net wrote:
> On 6 Feb 2003 at 12:37, Recycle Computer shaped the electrons to say...
> 
> > 
> > Change the pam configuration files to allow md5?
> > 
> > --mark--
> > 
> 
> Hello fellow faiers,
> 
> Firstly, many thanks for all the help and suggestions you have given on this topic.
> 
> Mark, this is how I have been doing it all along and from what I've heard, what everyone else has 
> been doing for the sake of 'getting things going' aswell, but as Andrew has mentioned in earlier 
> posts, it really is a cludge as the passwd program will remain to be unconfigurable nor registered 
> with debconf.
> 
> I am unsure of the long-term gravity of doing so, and have therefore not posted a "SUMMARY" to 
> the list yet to close the topic officially and this is because I still have hopes of finding out how to 
> achieve this :-) MD5 and shadow as far as I am concerned are fundamental and basic necessity 
> of any system that wishes to be even marginally secured and should not only be fixed but a 
> default ;-) Now, I've continued doing some research on the matter and I have found out a few 
> concrete things. In Chapter 5 of the Debian Policy Manual (http://www.debian.org/doc/debian-
> policy/ch-miscellaneous.html) it specifically states:
> 
> "Since an interactive debian/rules script makes it impossible to auto-compile that package and 
> also makes it hard for other people to reproduce the same binary package, all required targets 
> MUST be non-interactive."
> 
> Am I to understand the passwd program _should_ actually be able to install non-interactively if it is 
> to comply with the Debian policy? Furthermore, I am using 'woody' here not a testing nor unstable 
> release and this is what worries me even more, it may 'never get fixed'. In response to Sebastien's 
> e-mail a few days ago, I have the following package versions in woody(stable):
> 
>     dpkg/woody uptodate 1.9.21
>     debconf/woody uptodate 1.0.32
>     passwd/woody uptodate 20000902-12
>     base-passwd/woody uptodate 3.4.1
> 
> One interesting thing to note is that we both have the same passwd version (although I don't know 
> his base-passwd and whether this should interfere with it or not). This leads me to believe it may 
> not be a problem with the passwd package itself, but something else, however it is made more 
> confusing since many of the other packages I install which make use of debconf (like apache, 
> etc), install non-interactively perfectly. In the meantime, I have been trying to work out the problem 
> myself by ripping everything apart and recompiling the passwd program (which is really a shadow 
> suite with 12 or so patches + the login program), and doing things like setting the "-x" parameter 
> for bash in the passwd.config script in the hopes of seeing anything that may possibly be causing 
> this, etc.
> 
>  I would like to know if anyone on this list has experience with submitting bugs to b.d.o and/or can 
> say for certain what is causing this so that I may submit a bug report. The only thing stopping me 
> from doing so already is that the _same_ passwd program is used in both a working and non-
> working system as mentioned previously. Also worth mentioning is that if passwd is installed 
> _interactively_ through dialog (even on the FAI freshly installed or chrooted system $ROOTCMD 
> dpkg-reconfigure -fdialog passwd), it works _perfectly_. 
> 
> Strange indeed.
> 
> Ideas? Thoughts? Comments?
> PS- Sorry for the inordinately long post :-)
> 
> Regards,
> 
> Senaque
> ---
> E-MAIL: senaque at thepla.net
> IRC: #FAI @ irc.freenode.net
> WWW: http://www.sf.net/users/senaque/
> 



More information about the linux-fai mailing list