Description of problem: Anaconda created /etc/shadow entries are created with this command 12:22:51,458 INFO program: Running... /usr/sbin/authconfig --update --nostart --enableshadow --passalgo=sha512 --enablefingerprint which results in a 16 character stal in the shadow file. Changing the password with the password command results in an 8 character salt instead. Version-Release number of selected component (if applicable): passwd-0.79-5.fc21.x86_64 How reproducible: Always Steps to Reproduce: 1. Check /etc/shadow following Anaconda installation, it uses 16 character salt. 2. passwd <user> to change the password 3. Check /etc/shadow Actual results: 16 character salt for that user is replaced with an 8 character salt Expected results: There should be a new 16 character salt replacing the old one. Additional info:
Thanks for your report. This is happening in pam_unixpassverify.c:create_password_hash. Though, really, 8 characters with 6 bits each means you would have to collect over 16 million password entries to get a >50% likelihood of having even two entries with the same salt, which seems fairly sufficient; and using the full spec maximum of 16 characters moves the 50%-likelihood value 281*10^12 entries which is obviously unnecessary. OTOH it wouldn’t really hurt, so reassigning to PAM for consideration.
pam-1.3.1-13.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-1cc39ff643
pam-1.3.1-13.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-fdece005fe
pam-1.3.1-13.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-fdece005fe
pam-1.3.1-13.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-1cc39ff643
pam-1.3.1-13.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
pam-1.3.1-13.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.