Question: How to make sure that all passwords (root and non-root) are stored as MD5 Hashing standard?
Please follow the below steps in order to achieve the same:
1. Run the below command:
# cat /etc/pam.d/system-auth | egrep "password|sufficient"
Output would be something similar to:
... password sufficient pam_unix.so shadow nullok try_first_pass use_authtok password required pam_deny.so ...
2. Look for the line starts with “password sufficient“. Currently we do not see any Hashing protocol is mentioned. So we need to mention ‘md5’ here to make sure that is the Default Hashing used across all User’s.
Modify the line as below:
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
Save and come out of the file.
3. Now we have to change the password (of the existing Users) in order to activate MD5 Hashing. We can confirm it by running the command,
# cat /etc/shadow | grep test
Here test is a user name. We can expect something similar to:
test:$1$VwVZHnKm$9eiKyPyiJLSSfYd58RzbQ.:16692:0:99999:7:::
Here note the “$1$” which indicates that it is using MD5 Hashing.