MD5 passwords on SuSE Linux =========================== SuSE Linux is able to handle MD5 passwords. With MD5 encryption, passwords can be longer than 8 characters (up to 128 characters). Since MD5 encryption is not compatible with the default crypt() function, most commercial Unices and some programs don't work with MD5 passwords. So be careful, if you enable this feature. How to enable MD5 passwords: ---------------------------- You need to add the option "md5" to the "password" rules in the PAM config files. You can find the config files in /etc/pam.d. For example, you need to change the following lines in /etc/pam.d/passwd: password required /lib/security/pam_pwcheck.so \ nullok password required /lib/security/pam_unix2.so \ nullok use_first_pass use_authtok to: password required /lib/security/pam_pwcheck.so \ nullok md5 password required /lib/security/pam_unix2.so \ nullok md5 use_first_pass use_authtok This is necessary for every program which is able to change the user's password. At the moment these are at least: /etc/pam.d/login, /etc/pam.d/passwd, /etc/pam.d/sshd and /etc/pam.d/rlogin. You could also use the security module from YaST2 to change the PAM configuration to generate MD5 hashes for new passwords. If you use NIS, you need to replace /usr/bin/yppasswd with a link to /usr/bin/passwd: # cd /usr/bin # mv yppasswd yppasswd.old # ln -sf passwd yppasswd The password will be converted into a MD5 one after the next password change.