Description of problem: Without the -e switch, chpasswd(8) encrypts cleartext passwords with DES algorithm. So, only first 8 letters of the password are effective. Version-Release number of selected component (if applicable): shadow-utils-4.0.3-26.RHEL3 How reproducible: echo "testaccount:testpassword" | /usr/sbin/chpasswd grep ^testaccount: /etc/shadow Steps to Reproduce: 1. Use chpasswd(8) without -e option: echo "testaccount:testpassword" | /usr/sbin/chpasswd 2. Check /etc/shadow entry: grep ^testaccount: /etc/shadow 3. Check password field that begins with '$1$' or not. Actual results: The password field in /etc/shadow dose not begin with '$1$'. The user 'testaccout' can login with password 'testpass'. Expected results: Additional info:
This bug is filed against RHEL 3, which is in maintenance phase. During the maintenance phase, only security errata and select mission critical bug fixes will be released for enterprise products. Since this bug does not meet that criteria, it is now being closed. For more information of the RHEL errata support policy, please visit: http://www.redhat.com/security/updates/errata/ If you feel this bug is indeed mission critical, please contact your support representative. You may be asked to provide detailed information on how this bug is affecting you.