Bug 60129

Summary: gshadow doesn't use MD5
Product: Red Hat Enterprise Linux 5 Reporter: Chris Ricker <chris.ricker>
Component: shadow-utilsAssignee: Peter Vrabec <pvrabec>
Status: CLOSED NOTABUG QA Contact: David Lawrence <dkl>
Severity: low Docs Contact:
Priority: low    
Version: 5.1.zCC: herrold, kmaraas
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-05-07 15:17:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Chris Ricker 2002-02-20 18:03:06 UTC 
The gshadow command does not use MD5 encryption for the passwords it generates,
even on systems configured to use MD5 encryption for /etc/shadow

This bug is also present in hampton beta 1
Comment 1 Mike A. Harris 2002-03-01 01:27:13 UTC 
I've changed this bug report to be against the beta as it contains beta
NDA information.  All NDA related information should be only found in 
bug reports filed under the beta.
Comment 2 Chris Ricker 2002-03-01 04:29:28 UTC 
Changing back to 7.2, as this bug is present there and that's where it was
noticed and affecting users.
Comment 3 Chris Ricker 2002-05-05 15:42:20 UTC 
this bug is still present in 7.3 gold
Comment 4 Kjartan Maraas 2003-03-31 20:58:06 UTC 
Is gshadow still in the distro?
Comment 5 Chris Ricker 2003-03-31 21:09:03 UTC 
The /etc/gshadow file is still there, and passwords set in it (using the gpasswd
command) are still being put in DES-encrypted, not MD5-encrypted
Comment 6 Kjartan Maraas 2003-04-02 22:46:08 UTC 
Forgot to add myself to Cc
Comment 7 Chris Ricker 2003-10-17 14:40:50 UTC 
Still true with fedora core

The significance of this bug is that it prevents group-level passwords from
working at all on systems which are using MD5 in /etc/shadow
Comment 8 Tomas Hoger 2008-04-14 08:57:42 UTC 
This issue does no longer affect current Fedora versions (7+).  Red Hat
Enterprise Linux up to version 5 are affected.  However, this issue does not
seem to prevent usage of group passwords on system with MD5 enabled, at least on
Red Hat Enterprise Linux 4 or later.

Due to the minimal security impact of this issue, it will not be treated as
security fix.  I'm proposing as normal bugfix for inclusion in Red Hat
Enterprise Linux 5.
Comment 9 Peter Vrabec 2008-05-07 15:17:00 UTC 
there isn't gshadow command in RHEL. I have tried gpasswd to change group 
password and the hash in /etc/gshadow looks 
like "$1$3vIyT/lS$SZXS1spQucMqBmI5POabP1", so I suppose it's a MD5 password.