Artur Krzywanski

Blowfish support in Debian Etch

by Artur on Nov.06, 2008, under Security

A quick how to about enabling blowfish password encryption in Debian.

Why you shouldn’t use md5 passwords (default in Etch)

To enable blowfish support, you have to install libpam-unix2 and libpam-passwdqc packages.

user@computer:$ apt-get install libpam-unix2 libpam-passwdqc

Package libpam-passwdqc is used to enable password checks when changing passwords.

Next you have to replace all references of pam_unix.so with pam_unix2.so in all files under /etc/pam.d
You can use perl one liner to do that:

user@computer:$ perl -pi -w -e 's/pam_unix.so/pam_unix2.so/g;' /etc/pam.d/*

Now edit /etc/pam.d/common-password and change:

password   required   pam_unix2.so nullok obscure md5

to

password   required   pam_unix2.so nullok obscure blowfish

You have to change all passwords to be saved using blowfish. You do not have to restart your server afterwards.

Bookmark and Share
:, , , ,

Leave a Reply

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Visit our friends!

A few highly recommended friends...