FreeBSD Mail Archives

Date:      Wed, 27 Feb 2008 13:49:31 GMT
From:      Erwin Peter <erwinpeterarcor.de@FreeBSD.org>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   bin/121146: Adduser produces defective blowfish cipher password hashes on FreeBSD 7.0-RC3 amd64 and i386
Message-ID:  <200802271349.m1RDnV0e064999@www.freebsd.org>
Resent-Message-ID: <200802271400.m1RE04NB020211@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help


>Number:         121146
>Category:       bin
>Synopsis:       Adduser produces defective blowfish cipher password hashes on FreeBSD 7.0-RC3 amd64 and i386
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Feb 27 14:00:03 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Erwin Peter
>Release:        FreeBSD 7.0-RC3 amd64
>Organization:
>Environment:
FreeBSD erwin.example.net 7.0-RC3 FreeBSD 7.0-RC3 #0: Wed Feb 20 15:41:33 UTC 2008     root@driscoll.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
Blowfish cipher password hashes look strange after creating users with adduser on FreeBSD 7.0-RC3 amd64 and i386:

user0:$2a$04$xYpywjtq..............p1dnhRzopxTA03kej/n.6zzH1IPnFnq:1001:1001::0:0:User &:/home/user0:/bin/sh
user1:$2a$04$x8Oz2mIk..............ic9QqpzeeBC/8UkJkon5pW5N5TfwDAG:1002:1002::0:0:User &:/home/user1:/bin/sh
user2:$2a$04$lmDQpxT6..............iNc5meFZZnmw7byA8rt2ouR9wHoXmua:1003:1003::0:0:User &:/home/user2:/bin/sh
user3:$2a$04$c.RmkxcN..............oy3vTt.DSXmmn4.0FmpAjXdWJ1Q/AOq:1004:1004::0:0:User &:/home/user3:/bin/sh
user4:$2a$04$wuch.t4M..............oyvIaigqtR9kp0q1M9I.y3fYHxtqHRm:1005:1005::0:0:User &:/home/user4:/bin/sh


You can fix it by using passwd to reset the passwords:

user0:$2a$04$3FigWO7CgDRWakxDPQ50leHU6739Qj3e62mymnSfKNDq8qs0B8fAi:1001:1001::0:0:User &:/home/user0:/bin/sh
user1:$2a$04$5ngJCj0kptu4Lm.i3o4d9OJpLQH6yY4TFtWwVBxTdnaTHaN0nqTm6:1002:1002::0:0:User &:/home/user1:/bin/sh
user2:$2a$04$tkQwdseohOkb83U2XJnmk.r6ghthOrPB9i4VByq8w49mpUbNsvyPq:1003:1003::0:0:User &:/home/user2:/bin/sh
user3:$2a$04$Lq5HoOpnsfSpiocSIQqdrOi2XkzXWRcBQ3grTXzEES0Mx2tP8IBAa:1004:1004::0:0:User &:/home/user3:/bin/sh
user4:$2a$04$x03.j9m1V/fP2biVVQzFJOjUYvobXaAbqAESdE6N6Y8vz6GyVwHuK:1005:1005::0:0:User &:/home/user4:/bin/sh
>How-To-Repeat:
1. change default-profile's passwd_format to blf in /etc/login.conf
2. cap_mkdb /etc/login.conf
3. change crypt_default to blf in /etc/auth.conf
4. add users with adduser
>Fix:
Reset passwords with passwd.

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200802271349.m1RDnV0e064999>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation