Date: Fri, 12 Oct 2001 13:35:44 +0400 (MSD)
From: Dmitry Morozovsky <marck@rinet.ru>
To: William Wong <willwong@samurai.com>
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: adduser and passwords
Message-ID: <20011012132915.J73101-100000@woozle.rinet.ru>
In-Reply-To: <00b601c152e1$00a9ece0$0300a8c0@cr190326a>

On Fri, 12 Oct 2001, William Wong wrote:

WW> I just installed a 4.4R system (with the crypt distro) and noticed the
WW> following behaviour:
WW>
WW> I created a few users using the 'adduser' command and then looked at
WW> master.passwd
WW> The passwords seem to be DES hashed instead of MD5'd.
WW>
WW> I did a 'passwd' and the new password used the system default (MD5).
WW>
WW> Is adduser hardcoded to generate DES passwords?

We'd discovered this issue and here is a possible answer: adduser is written in Perl, and password hashing is done there via the crypt() Perl function. However, there's currently no way in Perl to select the crypt method, which is done by passwd(1).

Here is a quick'n'dirty fix to adduser (this should be done more politely, sure ;-) to put '*' when the password is empty, so as not to open your system with a passwordless user between adding a new user and changing its password.

Index: adduser.perl =================================================================== RCS file: /home/ncvs/src/usr.sbin/adduser/adduser.perl,v retrieving revision 1.44.2.2 diff -u -r1.44.2.2 adduser.perl --- adduser.perl 2001/07/30 23:56:48 1.44.2.2 +++ adduser.perl 2001/10/12 09:35:23 @@ -710,7 +710,7 @@ if (&new_users_ok) { $new_users_ok = 1; - $cryptpwd = ""; + $cryptpwd = "*"; $cryptpwd = crypt($password, &salt) if $password ne ""; # obscure perl bug $new_entry = "$name\:" . "$cryptpwd" .

Sincerely,
D.Marck [DM5020, DM268-RIPE, DM3-RIPN]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------
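
Review bot: the context line `$cryptpwd = crypt($password, &salt) if $password ne "";` is left unchanged, so the hunk only closes the empty-password window and the hash format still depends on whatever `&salt` returns, which is the DES-versus-MD5 behaviour the thread asks about; that needs its own change in the salt routine, which is not visible here. On the changed line, `$cryptpwd = "*";` should carry a short comment saying that "*" is a deliberate placeholder that matches no password, so a later edit does not turn it back into an empty string. The existing `# obscure perl bug` comment also does not say what the bug is or why the assignment is split over two statements; expanding it would help the next reader.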
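
A way to check an existing system for the two conditions discussed in this message (accounts hashed with DES instead of the MD5 default, and accounts left with an empty password field), as an added example that is not part of the original e-mail or of FreeBSD's adduser. The function names `classify` and `audit` are hypothetical, and every entry and hash value in `SAMPLE` is constructed for illustration.

```python
import re

# Traditional DES crypt(3) output: 2 salt characters + 11 hash characters.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify(field):
    """Return the scheme implied by a master.passwd password field."""
    if field == "":
        return "EMPTY"            # login possible without a password
    if field.startswith("*"):
        return "locked"           # "*" matches no password
    if field.startswith("$1$"):
        return "md5"              # modular crypt format, MD5
    if field.startswith("$"):
        return "other-modular"
    if DES_RE.match(field):
        return "des"
    return "unknown"


def audit(text, expected="md5"):
    """Return (user, scheme) for entries that are neither locked nor `expected`."""
    findings = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:     # master.passwd entries have 10 fields
            continue
        scheme = classify(fields[1])
        if scheme not in (expected, "locked"):
            findings.append((fields[0], scheme))
    return findings


# Constructed sample in master.passwd layout; the hashes are not real.
SAMPLE = """\
root:$1$Cnstrctd$AAAAAAAAAAAAAAAAAAAAAA:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
alice:abCDefGHijKLm:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob::1002:1002::0:0:Bob:/home/bob:/bin/sh
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE):
        print(user, scheme)
```
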