shadow

Enabling md5 shadow password with authconfig

If you notice that /etc/shadow file password is using DES encryption, MD5 encryption can be enabled via:

authconfig --enablemd5 --enableshadow --update

If authconfig is not present edit, "/etc/pam.d/system-auth" and add "md5 shadow" to line starting with "password sufficient pam_unix.so" so it looks like below:

password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok

Shadow password hash explained

You can programmatically generate shadow password hash via:

$ openssl passwd -1 -salt G5cYam5w test.123
$1$G5cYam5w$z0NDUjMRX4xVBKw9Nb6YL0

-1 means md5
G5cYam5w is a random salt (minimum 8)
test.123 is the password

Here is the breakdown:

The first $1 means that it is an md5 hash.
The second $G5cYam5w is a random salt.
The third $z0NDUjMRX4xVBKw9Nb6YL0 is the md5 hash.

Comment