Fixing /etc/shadow with md5 passwords to sha512 passwords

Posted by dr jimbob on Ask Ubuntu See other posts from Ask Ubuntu or by dr jimbob
Published on 2011-06-22T03:41:42Z Indexed on 2011/06/22 8:31 UTC
Read the original article Hit count: 537

Filed under:
|
|

I recently upgraded an ubuntu server with many users to a recent version from a version from 2008. The server used to use md5 password hashes (e.g., the shadow passwords began with $1$) and now is configured to use sha512.

I'd prefer to keep using sha512, but would like the old users to be able to partially login once with their old password and then be forced to update their password (even if its the same password) generating a sha512. Right now, the old md5-based passwords in /etc/shadow won't let the user login at all (and just appear to be incorrect passwords).

This seems like plenty of people should have had to do this before; yet I can't see how to do it, looking in the common places like /etc/pam.d/common-password nad /etc/login.defs. Also users will be logging in via ssh; and I do not have everyone's contact info (email or otherwise); and some login fairly rarely.

Any help? (Googling doesn't seem to give any good solutions).

© Ask Ubuntu or respective owner

Related posts about login

Related posts about password