HPE Community
Operating System - HP-UX
1829582 Members
1623 Online
109992 Solutions
New Discussion

Re: md5 hash is not recognized

 
SOLVED
Go to solution
tmartiro
Occasional Contributor

‎04-14-2010 04:59 AM

‎04-14-2010 04:59 AM

md5 hash is not recognized

Hi,

I installed sudo on my hp server. The OS version is 11v3.
The passwords are crypt with bsdmd5 algorithm instead of standard des in /etc/shadow file. I can easily log in to the system via ssh using that passwords. Then I decided to install sudo command as it is not installed by default (ixSudo A.14.00-1.7.2). Now the problem is that users are getting the password incorrect message when trying to type their passwords after invoking the command "sudo su -".

P.S.
for user whom password is in des format in /etc/shadow the "sudo su -" command works like a house on a fire.

thanks in advance
0 Kudos
Reply
3 REPLIES 3
Steven E. Protter
Exalted Contributor

‎04-14-2010 05:03 AM

‎04-14-2010 05:03 AM

Re: md5 hash is not recognized

Shalom,

Take a look at the sudoers file, the configuration for sudo.

There is also an md5 add in depot on http://software.hp.com that might help, though I thought this was part of the 11.31 base install.

What I think is probably happening is something incorrect in the basic sudo configuration for these users.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

‎04-14-2010 05:52 AM

‎04-14-2010 05:52 AM

Solution

Re: md5 hash is not recognized

As far as I know, HP-UX does not support the bsdmd5 password hashing algorithm. Sad but true.

Your SSH probably has a built-in support for bsdmd5-hashed passwords, and you've configured your sshd to directly read the /etc/passwd and /etc/shadow instead of using the system's PAM libraries.

(HP SSH is a port of OpenSSH, whose "native" OS platform is OpenBSD... so the built-in BSDmd5 support is no surprise there.)

The only md5 depot on software.hp.com I know of is the "md5sum" tool, which only allows verifying the integrity of files using md5sums. It is not at all related to /etc/shadow and passwords. The depot also supplies the libcryptx library, to allow other programs to use the md5 algorithm... but no PAM libraries to make use of the algorithm in password hashing.

There is a depot called LongPassword available for HP-UX 11iv3 on software.hp.com. It adds the support for SHA512-hashed passwords. The algorithm identifier in the beginning of the hashed password strings will be "$6$".

So, up to and including HP-UX 11iv2, the only supported password hashing algorithms were the traditional DES-based Unix "crypt", and the HP-proprietary "bigcrypt" used in Trusted System Mode when the password length was increased beyond 8 characters.

In 11.31 there is now an option to use SHA512... if an additional package is installed. I hope this means other algorithms might be added in the future.

MK
MK
Reply
tmartiro
Occasional Contributor

‎04-14-2010 08:08 PM

‎04-14-2010 08:08 PM

Re: md5 hash is not recognized

Thanks a lot for quick responses.
So I decided to use SHA512 as HP-UX 11v3 does not support bsdmd5.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.