PAM authentication is not working in SuSE

In SuSE 10 it is possible to set the user's password encryption type. The supported encryption types are Blowfish and MD5. Kerio MailServer requires MD5 ecryption for PAM users.

It is possible to set the encryption type during system installation or in the configuration file /etc/default/passwd. The encoding type is stored in line CRYPT_FILES, where Kerio MailServer needs MD5 encryption.

You can also use the graphical interface YaST for the configuration as shown on following picture:

Users created with the Blowfish password encryption need to change their password after this change. After the password change is complete the new password is saved using the MD5 encryption type.

The algorithm used for password encryption can be found in the /etc/shadow file:

  • DES (without prefix), ex.: abJnggxhB/yWI
  • MD5 (prefix $1$), ex.: $1$L/321sYmS$ygjf8.6wKiHfNF3rir2ca/
  • Blowfish (prefix $2a$), ex.: $2a$12$23Yu.28GxZ8bB41WCbPXF.s5NeH5TPbtLdtIkIQZwS1XajF5uuUnK

For reference SuSE 10 uses the Blowfish algorithm by default, while other distributions usually use MD5.