
Bug 6711

Summary: chpasswd doesn't do MD5 passwords
Product: [Retired] Red Hat Linux
Component: shadow-utils
Version: 9
Reporter: tom
Assignee: Eido Inoue <havill>
CC: mitr, persteinar.iversen
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: 4.0.4.1-1
Doc Type: Bug Fix
Last Closed: 2004-09-16 22:16:57 UTC

Description tom 1999-11-04 09:03:50 UTC
When MD5 passwords have been enabled, chpasswd doesn't
detect this and keeps making normal DES 8-character ones.

[root@newblack /root]# useradd testuser
[root@newblack /root]# passwd testuser
Changing password for user testuser
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfuly
[root@newblack /root]# grep testuser /etc/shadow
testuser:$1$A.TWky7$K6CQwzI2gBESw13SlaWBd0:10899:0:99999:7:-1:-1:1345345
[root@newblack /root]# chpasswd
testuser:somepass
[root@newblack /root]# !grep
grep testuser /etc/shadow
testuser:0wuPb0XucJRXA:10899:0:99999:7:::13435344
[root@newblack /root]# userdel testuser

Comment 1 Stephen John Smoogen 2000-04-25 20:45:59 UTC
Most of shadow utils doesn't deal with MD5 passwds
usermod -p
useradd -p
etc

In these cases it only imports the first 8 characters of the string

Comment 2 Preston Brown 2000-07-13 19:06:56 UTC
nalin: looks like these need PAM-ification.  You own shadow-utils now. :(

Comment 3 Stephen John Smoogen 2003-01-24 18:54:02 UTC
Bug still exists in Red Hat Linux 8.0. Pretty sure it is in Phoebe also.

Comment 4 Per Steinar Iversen 2003-08-29 13:14:50 UTC
This bug is still not resolved in RedHat 9 or even in the Severn beta. Yet a
simple fix exists that works on RedHat 9 or Severn at least: Modify
/etc/login.defs to contain this line:

MD5_CRYPT_ENAB  yes

Please add this line when MD5 passwords are selected; it should be a trivial fix
and improves password security.
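
Added example, not part of the bug report or of shadow-utils: a Python audit that flags accounts in a shadow file whose hash is still traditional DES crypt, like the one chpasswd wrote in the description, and checks login.defs for the MD5_CRYPT_ENAB line from Comment 4. The account names and file contents are constructed, the two hashes are the ones quoted in the report, and treating the last MD5_CRYPT_ENAB line as authoritative is an assumption.

```python
import re

# Traditional DES crypt(3): 2-char salt + 11-char hash, 13 chars total.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# MD5 crypt: $1$<salt of up to 8 chars>$<22-char hash>
MD5_RE = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

def classify_hash(field):
    """Return 'des', 'md5', 'locked', 'empty' or 'other' for a shadow password field."""
    if field == "":
        return "empty"
    stripped = field.lstrip("!")  # leading '!' marks a locked account; a hash may follow
    if stripped in ("", "*"):
        return "locked"
    if DES_RE.match(stripped):
        return "des"
    if MD5_RE.match(stripped):
        return "md5"
    return "other"

def md5_crypt_enabled(login_defs_text):
    """True if an uncommented 'MD5_CRYPT_ENAB yes' is set (assumption: last such line wins)."""
    enabled = False
    for line in login_defs_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0] == "MD5_CRYPT_ENAB":
            enabled = parts[1].lower() == "yes"
    return enabled

def des_accounts(shadow_text):
    """Names of accounts whose stored hash is traditional DES crypt."""
    hits = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and classify_hash(fields[1]) == "des":
            hits.append(fields[0])
    return hits

# Constructed sample input; only the two hash strings come from the report.
SAMPLE_SHADOW = """\
root:!!:10899:0:99999:7:::
viapasswd:$1$A.TWky7$K6CQwzI2gBESw13SlaWBd0:10899:0:99999:7:::
viachpasswd:0wuPb0XucJRXA:10899:0:99999:7:::
"""
SAMPLE_LOGIN_DEFS = "# constructed sample\nPASS_MAX_DAYS 99999\nMD5_CRYPT_ENAB  yes\n"

if __name__ == "__main__":
    print("MD5_CRYPT_ENAB set:", md5_crypt_enabled(SAMPLE_LOGIN_DEFS))
    print("Accounts with DES hashes:", des_accounts(SAMPLE_SHADOW))
```

Accounts it reports need their password set again through a tool that honours the MD5 setting before the DES hash is gone from the file.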