Re: [discuss] Converting user accounts from OpenBSD...

From: Mark Watts (m.wattseris.qinetiq.com)
Date: Thu Sep 25 2003 - 04:24:04 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> On Wed, 2003-09-24 at 02:53, Mark Watts wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> > I have a bunch (~200) user accounts on an OpenBSD server, using blowfish
> > encryption, which I need to convert to Linux (mdk 9.1) format.
> >
> > Is there a way of making Linux use blowfish for passwords?
> >
> > I'm guessing that actually converting the password hashes is going to be
> > almost impossible...
> >
> > Cheers,
> >
> > Mark.
> >
> > - --
> > Mark Watts
> > Senior Systems Engineer
> > QinetiQ TIM
> > St Andrews Road, Malvern
> > GPG Public Key ID: 455420ED
>
> Sorry for the semi-troll, but I just have to ask: why in the world
> would you down-grade from OpenBSD to Linux? That makes about as much
> sense as migrating from Linux to Win2K (at least in terms of security).
>

You apparently don't know much about securing Linux boxes then...

It's also an issue of management - every other server we have has been
converted to Linux (apart from our Exchange cluster) except for this BSD box.
If a new patch comes out, I only need to know how to update Linux (read:
Mandrake) boxes, not some other mechanism that BSD uses.
(As an aside, I also dislike the rc scripts that BSD uses with a passion. Give
me SysV any day...)

> By the way, I don't see how it would be possible to convert the hashes
> into anything useful. As you know, authentication is done by hashing
> what the user enters for the password and comparing it with what is
> hashed already... As for Linux being able to use blowfish, sadly I do
> not know. Perhaps there is support under PAM?

I have found that Linux _can_ use blowfish, but you have to patch glibc among
other things. (www.openwall.com).

Mark.

- --
Mark Watts
Senior Systems Engineer
QinetiQ TIM
St Andrews Road, Malvern
GPG Public Key ID: 455420ED

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/crQ0Bn4EFUVUIO0RArnaAJ0RUJNNXIO0LiD08kVLncr4qC2eIACfangh
qrXrlTmAy4SISHML4+OV1tg=
=4NJN
-----END PGP SIGNATURE-----
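
Added example (not part of the original message, and not code from any project it mentions): because the hashes cannot be converted, a migration has to carry each `$2a$` string verbatim from OpenBSD's master.passwd into Linux passwd/shadow lines, which only authenticates if the target's crypt() supports blowfish, as the message says a patched glibc does. The function names, the `min_uid` cut-off and the sample accounts are assumptions constructed for illustration.

```python
import re

# bcrypt crypt(3) string: $2a$ (also $2b$/$2y$), 2-digit cost, 22-char salt + 31-char hash
BCRYPT_RE = re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")

def classify(pw):
    """Name the hash scheme from its prefix; anything unusable is 'locked'."""
    if BCRYPT_RE.match(pw):
        return "bcrypt"
    if pw.startswith("$1$"):
        return "md5crypt"
    return "locked"  # empty, '*', '!' or unrecognised: never carry over as usable

def convert(master_passwd, min_uid=1000):
    """Map OpenBSD master.passwd text to Linux passwd/shadow lines.

    master.passwd: name:hash:uid:gid:class:change:expire:gecos:home:shell
    Returns (passwd_lines, shadow_lines, report); report maps name -> scheme.
    """
    passwd, shadow, report = [], [], {}
    for line in master_passwd.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 10 or not fields[2].isdigit():
            continue  # comment, blank or malformed line
        name, pw, uid, gid, _cls, _chg, _exp, gecos, home, shell = fields
        if int(uid) < min_uid:
            continue  # system account: recreate on the Linux side, do not copy
        scheme = classify(pw)
        report[name] = scheme
        # The hash string is copied verbatim; a locked account gets '!' instead,
        # so an empty OpenBSD password field never becomes a passwordless login.
        shadow_pw = pw if scheme != "locked" else "!"
        passwd.append(f"{name}:x:{uid}:{gid}:{gecos}:{home}:{shell}")
        shadow.append(f"{name}:{shadow_pw}::0:99999:7:::")
    return passwd, shadow, report

# Constructed sample input; the hash body is filler, not a real password hash.
FAKE_BCRYPT = "$2a$06$" + "A" * 53
SAMPLE = "\n".join([
    "root:" + FAKE_BCRYPT + ":0:0:daemon:0:0:Charlie &:/root:/bin/ksh",
    "alice:" + FAKE_BCRYPT + ":1000:1000:staff:0:0:Alice:/home/alice:/bin/ksh",
    "bob::1001:1001:staff:0:0:Bob:/home/bob:/bin/ksh",
    "carol:*:1002:1002:staff:0:0:Carol:/home/carol:/bin/ksh",
])

if __name__ == "__main__":
    pw_lines, sh_lines, rep = convert(SAMPLE)
    print("\n".join(pw_lines + sh_lines))
    print(rep)
```

The report is the part to review before loading the output: every account marked `locked` needs a password reset on the new host, and login shells such as `/bin/ksh` may not exist at the same path on Linux.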