Responding to my own post …

One can enable shadow via shadowconfig, and can change from crypt() to MD5 via dpkg-reconfigure passwd

I shall know tomorrow how safe this is on a live running system, heh.

Sunny Dubey

Hi,

There are no reasons why you should run into any problems, as long as you are not using NIS, which for a VPS should not be a problem.

You can unable md5 and shadow at the same time using

dpkg-reconfigure passwd

Although it does not tell you if they are turned on or not and I can not remember how to find out if they are already turned on.

Adam

@adamgent:

Although it does not tell you if they are turned on or not and I can not remember how to find out if they are already turned on.

debconf-show passwd

My approach is quite simple: The first thing I do every time after installing Debian stable is to tweak /etc/sources.list to switch to unstable, and then do a reckless "apt-get dist-upgrade". During the upgrade somewhere, the passwd package would have needed reconfiguration anyway and I would've switched on MD5 and shadow.

So why do you upgrade your distro to the unstable version?

Adam

Well, for one thing, I love living dangerously. :shock:

Actually, it's mainly because unstable has PHP 4.3.x (4.3.2+rc3-6 right now), which brings a small collection of niceties like filegetcontents().

"unstable" is more stable than the name suggests, apart from occasional crashes of mozilla, various X and gnome components, etc. which I don't use anyway. Spectacular b0rkage of ssh and pam did happen a few months ago… but I take special care to upgrade such key packages, i.e. mark the package as "on hold" in dselect, monitor bugs.debian.org for about a week before taking the plunge.

I tend to install most things by hand, as the debain packages do tend to be out of date most of the time.

The only time I usually use apt-get of for small things and things that I really can not be bothered to install from source.

Adam