authconfig
The Linux user password hashing algorithm is also configurable. Use the authconfig command to determine the current algorithm being used, or to set it to something different. To determine the current algorithm:
# authconfig --test | grep hashing
password hashing algorithm is sha512
Change the hashing algorithm
To change the algorithm, use the --passalgo option with one of the following as a parameter: descrypt, bigcrypt, md5, sha256, or sha512, followed by the --update option.
# authconfig --passalgo=md5 --update
Forcing users to switch to new algorithm
When the hashing algorithm is changed, by default existing users need to change their passwords in order to use the new algorithm. You can either:
1. change all non-root users' passwords, or
2. force users to change their passwords on next login.
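1. Change all non-root users' passwords
Here is a small for loop to change the passwords of all non-root users to be the same as their usernames. The awk filter selects every account other than root whose password field in /etc/shadow starts with a hash character, optionally preceded by "!" for a locked account.
# for i in $(awk -F: '{if ( $1 != "root" && $2 ~ /^!?[[:alnum:]./$]/ ) print $1}' /etc/shadow); do passwd --stdin "$i" <<<"$i"; done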
2. Force all non-root users to change their password on login
Similar to the loop above, we can also force non-root users to change their passwords on next login:
# for i in $(awk -F: '{if ( $1 != "root" && $2 ~ /^!?[[:alnum:]./$]/ ) print $1}' /etc/shadow); do chage -d 0 "$i"; done
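Because existing hashes stay in the old format until each password is changed, it helps to see which accounts are still on an old scheme. The following is an added example, not part of the original page: it classifies shadow entries by the crypt(3) prefix of the hash ($1$ for md5, $5$ for sha256, $6$ for sha512). The function names and the sample file are assumptions made for illustration.

```shell
#!/bin/bash
# Classify accounts in a shadow-format file by the hash scheme of the
# password field, so only accounts on an old scheme need a forced change.

# shadow_algos FILE: print "user scheme" for every account that has a hash.
shadow_algos() {
    awk -F: '
    {
        h = $2
        sub(/^!+/, "", h)                # a locked account keeps its hash after "!"
        if (h == "" || h ~ /^\*/) next   # no password set / login disabled
        if      (h ~ /^\$1\$/) a = "md5"
        else if (h ~ /^\$5\$/) a = "sha256"
        else if (h ~ /^\$6\$/) a = "sha512"
        else if (h ~ /^\$/)    a = "other"
        else                   a = "legacy-des"  # no $id$ prefix: descrypt/bigcrypt (heuristic)
        print $1, a
    }' "$1"
}

# stale_users FILE SCHEME: non-root users whose hash is not SCHEME.
stale_users() {
    shadow_algos "$1" | awk -v want="$2" '$1 != "root" && $2 != want { print $1 }'
}

# Constructed sample input; the hash bodies are fake placeholders.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:$6$saltsalt$FAKEHASHFAKEHASH:19000:0:99999:7:::
alice:$1$saltsalt$FAKEHASHFAKEHASH:19000:0:99999:7:::
bob:$6$saltsalt$FAKEHASHFAKEHASH:19000:0:99999:7:::
carol:!$5$saltsalt$FAKEHASHFAKEHASH:19000:0:99999:7:::
dave:abJnggxhB/yWI:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
nopw:!!:19000:0:99999:7:::
EOF

shadow_algos "$sample"            # one "user scheme" line per account with a hash
stale_users "$sample" sha512      # accounts that still need a password change
```

On a real system, run the functions as root against /etc/shadow and pass the names from stale_users to chage -d 0 so that only accounts on the old scheme are forced to change.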