Date: Fri, 12 Oct 2001 13:35:44 +0400 (MSD)
From: Dmitry Morozovsky
To: William Wong
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: adduser and passwords

On Fri, 12 Oct 2001, William Wong wrote:

WW> I just installed a 4.4R system (with the crypt distro) and noticed the
WW> following behaviour:
WW>
WW> I created a few users using the 'adduser' command and then looked at
WW> master.passwd
WW> The passwords seem to be DES hashed instead of MD5'd.
WW>
WW> I did a 'passwd' and the new password used the system default (MD5).
WW>
WW> Is adduser hardcoded to generate DES passwords?

We'd discovered this issue and here is a possible answer: adduser is written
in Perl, and password hashing is done there via the crypt() Perl function.
However, there's currently no way in Perl to select the crypt method, which is
done by passwd(1).

Here is a quick'n'dirty fix to adduser (this should be done more politely,
sure ;-) to put '*' when the password is empty, so as not to open your system
with a passwordless user between adding a new user and changing its password.

Index: adduser.perl =================================================================== RCS file: /home/ncvs/src/usr.sbin/adduser/adduser.perl,v retrieving revision 1.44.2.2 diff -u -r1.44.2.2 adduser.perl --- adduser.perl 2001/07/30 23:56:48 1.44.2.2 +++ adduser.perl 2001/10/12 09:35:23
@@ -710,7 +710,7 @@ if (&new_users_ok) { $new_users_ok = 1; - $cryptpwd = ""; + $cryptpwd = "*"; $cryptpwd = crypt($password, &salt) if $password ne ""; # obscure perl bug $new_entry = "$name\:" . "$cryptpwd" .

Sincerely,
D.Marck [DM5020, DM268-RIPE, DM3-RIPN]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------
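
Review bot: The new default $cryptpwd = "*"; has no comment, and the only comment in the hunk ("# obscure perl bug") sits on the following line and does not explain it. Add a one-line comment saying that "*" is written so that an account created with an empty $password cannot be logged into until a password is set, since the previous "" default left the field empty. The crypt($password, &salt) call is an unchanged context line, so this hunk does not alter which hash format is written for non-empty passwords; the DES-versus-MD5 question from the thread would need a separate change.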
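
A check an administrator could run over master.passwd after finding this behaviour, as an added example that is not part of the original message or of FreeBSD's adduser: it classifies each password field by crypt(3) format and reports entries that are empty, DES-hashed or unrecognised. The function names and the sample entries are constructed for illustration.

```python
import re

# Traditional DES crypt: 2 salt characters + 11 hash characters.
_DES = re.compile(r"^[./0-9A-Za-z]{13}$")
# Extended (BSDi) DES: "_" + 4 count chars + 4 salt chars + 11 hash chars.
_EXT_DES = re.compile(r"^_[./0-9A-Za-z]{19}$")

# Constructed sample in master.passwd layout (10 colon-separated fields);
# the hash strings are made up and only have the right shape.
SAMPLE = """\
# constructed sample
root:$1$abcdefgh$0123456789abcdefghijkl:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
alice:ab0123456789A:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob::1002:1002::0:0:Bob:/home/bob:/bin/sh
"""


def classify(pw_field):
    """Return the kind of value stored in a master.passwd password field."""
    if pw_field == "":
        return "empty"        # login without a password
    if pw_field.startswith("*"):
        return "locked"       # cannot match any crypt() output
    if pw_field.startswith("$1$"):
        return "md5"
    if pw_field.startswith("$2"):
        return "blowfish"
    if _EXT_DES.match(pw_field) or _DES.match(pw_field):
        return "des"
    return "unknown"


def audit(master_passwd_text):
    """Return (line number, user, kind) for entries that need attention."""
    findings = []
    for lineno, line in enumerate(master_passwd_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:
            findings.append((lineno, fields[0], "malformed"))
            continue
        kind = classify(fields[1])
        if kind in ("empty", "des", "unknown"):
            findings.append((lineno, fields[0], kind))
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```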