2008
11.06

Blowfish support in Debian Etch

Category: Security / Tag:  / Add Comment

A quick how to about enabling blowfish password encryption in Debian.

Why you shouldn’t use md5 passwords (default in Etch)

To enable blowfish support, you have to install libpam-unix2 and libpam-passwdqc packages.

user@computer:$ apt-get install libpam-unix2 libpam-passwdqc

Package libpam-passwdqc is used to enable password checks when changing passwords.

Next you have to replace all references of pam_unix.so with pam_unix2.so in all files under /etc/pam.d
You can use perl one liner to do that:

user@computer:$ perl -pi -w -e 's/pam_unix.so/pam_unix2.so/g;' /etc/pam.d/*

You also need to change /etc/pam.d/common-auth file:

auth    required        pam_unix.so nullok_secure

to

auth    required        pam_unix2.so nullok

Now edit /etc/pam.d/common-password and change:

password   required   pam_unix2.so nullok obscure md5

to

password   required   pam_unix2.so nullok obscure blowfish

You have to change all passwords to be saved using blowfish. You do not have to restart your server afterwards.

Bookmark and Share

No Comment.

Add Your Comment

Your Comment