View Full Version : SHA512 password hash for SuSE 10



jvang
09-Oct-2012, 19:44
Hi,

I have a RedHat NIS server, which is configured to use SHA512 for password hashes.

It appears SuSE 10 only supports MD5 or Blowfish.

Does anyone know if I can get SHA512 support on SuSE 10 clients, and if so, how I go about setting that up?

Cheers, Jack...

ab
09-Oct-2012, 21:03
My SLES 11 boxes already have this option built in. I can see some
references online stating that SLES 10 SP2 may also have had this
option, but I do not have a box that old to check (SLES 10 is pretty old
at this point). If it's an option I'd guess you need to be on a current
Support Pack at least which should be doable by downloading it from the
download site. Similarly RHEL 5.0 does not look like it supported
sha512 so I'm guessing your RHEL box is newer than the originally
shipping 5.0 version.

Good luck.

jvang
11-Oct-2012, 23:24
Hi ab,

Thanks for your reply.

Can you let me know where you saw references to SHA512 support for SLES 10 SP2? I can't find this anywhere.

Our NIS server is a RHEL6 server, but we did find docs on how to add SHA512 support for the older RHEL5 and RHEL4 clients, so I have to believe it is also possible to do for SLES 10 SP2 (or not ...).

Cheers, Jack...

ab
11-Oct-2012, 23:56
Looking again I think it's talking about sha-512 for other (non-password
hashing) purposes, so never mind. Can you add this functionality?
Sure... it's not like Linux changed that much between kernels to make
some common math impossible in 10 where it works in 11, but will it be
supported? That's probably a different story. Can you enable it with a
weird hack of Yast, or can you only get it to work from the command
line? More good questions. Are you willing to take those risks?
Again, more good questions.

This all started with something about NIS on RHEL. I assume you would
be authenticating to SLES 10 (or any system, 10, 11, or another distro)
just using the NIS setup as a credential store. If that's the case,
what does SLES support of sha-512 have to do with this? Is it SLES's
job to sha-512 hash the password, maybe with some salt even, and then
send it across to the server for verification? If there's a salt, how
does it know what that is? I'm more familiar with LDAP-style
authentication and most of the systems I've seen there send the real
password (securely) to the backend datastore for verification, so they
don't need to support anything other than SSL to work properly.

Good luck.
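
Added example, not written by either poster: a NIS passwd map hands the client a crypt(3) string whose prefix names the hash scheme and which carries the salt itself, so the client's own crypt() has to understand that prefix to verify a login. The sketch below parses such strings and lists the accounts a client limited to the thread's "MD5 or Blowfish" could not verify; the map entries, user names and hash bodies are constructed, and the function names are hypothetical.

```python
# Well-known crypt(3) modular-format ids mapped to scheme names.
SCHEMES = {"1": "md5", "2a": "blowfish", "2b": "blowfish", "2y": "blowfish",
           "5": "sha256", "6": "sha512"}


def parse_crypt(field):
    """Split a passwd-map hash field into scheme, rounds/cost and salt."""
    if not field.startswith("$"):
        if len(field) == 13:                  # traditional DES: salt is 2 chars
            return {"scheme": "des", "rounds": None, "salt": field[:2]}
        return {"scheme": "none", "rounds": None, "salt": ""}  # x, *, !, empty
    parts = field.split("$")[1:]              # drop the empty leading item
    scheme = SCHEMES.get(parts[0], "unknown:" + parts[0])
    rest = parts[1:]
    if scheme == "blowfish" and len(rest) == 2:
        # $2a$<cost>$<22-char salt><hash>
        return {"scheme": scheme, "rounds": int(rest[0]), "salt": rest[1][:22]}
    rounds = None
    if rest and rest[0].startswith("rounds="):  # optional for $5$ and $6$
        rounds = int(rest[0][len("rounds="):])
        rest = rest[1:]
    return {"scheme": scheme, "rounds": rounds, "salt": rest[0] if rest else ""}


def audit_passwd_map(lines, client_schemes):
    """Return {user: scheme} for entries the client's crypt() cannot verify."""
    unverifiable = {}
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 7:
            continue                          # not a passwd(5) record
        scheme = parse_crypt(fields[1])["scheme"]
        if scheme != "none" and scheme not in client_schemes:
            unverifiable[fields[0]] = scheme
    return unverifiable


# Constructed sample in `ypcat passwd` layout; hash bodies are placeholders.
SAMPLE_MAP = [
    "alice:$6$Zx3kQ9pL$CONSTRUCTEDHASH:1001:100:Alice:/home/alice:/bin/bash",
    "bob:$1$h7Gs2LqA$CONSTRUCTEDHASH:1002:100:Bob:/home/bob:/bin/bash",
    "carol:$6$rounds=10000$Qm4t8Vw1$CONSTRUCTEDHASH:1003:100:Carol:/home/carol:/bin/bash",
    "dave:$2a$10$abcdefghijklmnopqrstuvCONSTRUCTEDHASH:1004:100:Dave:/home/dave:/bin/bash",
    "svc:*:1005:100:Service:/var/empty:/bin/false",
]
CLIENT_SCHEMES = {"md5", "blowfish"}  # assumption taken from the first post

if __name__ == "__main__":
    for user, scheme in audit_passwd_map(SAMPLE_MAP, CLIENT_SCHEMES).items():
        print(f"{user}: {scheme} hash, client cannot verify")
```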