Date: Thu, 15 Apr 2004 01:01:45 -0700 (PDT) From: Bernard Buri <bsd@ask-us.at> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/65557: passwd uses passwd_format of default login class Message-ID: <200404150801.i3F81jkj005795@www.freebsd.org> Resent-Message-ID: <200404150810.i3F8AKoa028217@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 65557
>Category: bin
>Synopsis: passwd uses passwd_format of default login class
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 15 01:10:20 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator: Bernard Buri
>Release: 5.2.1-RELEASE-p3
>Organization:
ask!
>Environment:
FreeBSD ***hostname*** 5.2.1-RELEASE-p3 FreeBSD 5.2.1-RELEASE-p3 #6: Fri Mar 26 02:07:00 CET 2004 root@***hostname***:/usr/obj/usr/src/sys/BABYLON i386
>Description:
Setting up a login class in /etc/login.conf with a different passwd_format than the default class (e.g. blf instead of md5) will work now with the adduser script.
But when the user attempts to change his password via the passwd utility, this will generate an md5 password because it uses the format of the default login class.
>How-To-Repeat:
as root:
edit /etc/login.conf: remove comments from last entry (des_users)
update the database: cap_mkdb -v /etc/login.conf
change your class: chpass -> Class: des_users
change your password: passwd
look a the encoded password: chpass
you can see that the password starts with $1... (md5)
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200404150801.i3F81jkj005795>