Blowfish support in Debian Etch

Posted by on November 6, 2008 Leave a comment (0) Go to comments

A quick how to about enabling blowfish password encryption in Debian.

Why you shouldn’t use md5 passwords (default in Etch)

To enable blowfish support, you have to install libpam-unix2 and libpam-passwdqc packages.

user@computer:$ apt-get install libpam-unix2 libpam-passwdqc

Package libpam-passwdqc is used to enable password checks when changing passwords.

Next you have to replace all references of pam_unix.so with pam_unix2.so in all files under /etc/pam.d
You can use perl one liner to do that:

user@computer:$ perl -pi -w -e 's/pam_unix.so/pam_unix2.so/g;' /etc/pam.d/*

You also need to change /etc/pam.d/common-auth file:

auth required pam_unix.so nullok_secure

to

auth required pam_unix2.so nullok

Now edit /etc/pam.d/common-password and change:

password required pam_unix2.so nullok obscure md5

to

password required pam_unix2.so nullok obscure blowfish

You have to change all passwords to be saved using blowfish. You do not have to restart your server afterwards.

Share on TwitterShare on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit
Security, , , ,