LinuxSecuiry

From WeWeWeb Wiki
Jump to navigationJump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Linux Upgrade Password Hashing Algorithm to SHA-512

The default algorithm for storing password hashes in /etc/shadow is MD5. I was told to use SHA-512 hashing algorithm. How do I set password hashing using the SHA-256 and SHA-512 under CentOS or Redhat Enterprise Linux 5.4?

You need to use authconfig command to setup SHA-256/512 hashing. This command provides a simple method of configuring /etc/sysconfig/network to handle NIS, as well as /etc/passwd and /etc/shadow, the files used for shadow password support. Basic LDAP, Kerberos 5, and SMB (authentication) client configuration is also provided.

Display Current Hashing Algorithm

Type the following command: 

 # authconfig --test | grep hashing

Sample outputs: 

 password hashing algorithm is md5

Configure Linux Server To Use The SHA-512

To configure the Linux system to use the SHA-512 algorithm, enter: 

 # authconfig --passalgo=sha512 --update

Note users need to change their passwords in order to generate hashes using SHA-512. You can force users to change their password on next login: 

 # chage -d 0 userName

Goto Linux

Retrieved from "https://www.weweweb.net/wiki/index.php?title=LinuxSecuiry&oldid=85"