Red Hat Bugzilla – Bug 470002
yppasswd uses weak password hash and ignores system-config-authentication
Last modified: 2008-11-07 04:18:08 EST
Description of problem:
Using "yppasswd" to change a password on a NIS server generates a password hash and enters it into /etc/shadow. But is uses the standard crypt password hash (outdated) and ignores my setting in system-config-authentication to use SHA512.
When I use "passwd" on the NIS server directly, then SHA512 will be used.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install NIS server
2. log into NIS client
3. change pw using yppasswd
4. Use "ypcat passwd" to see, that wrong hash function was used.
a crypt hashed password
A SHA512 hashed password
Yes, NIS is old and insecure by design. Users are advised to use newer and more secured software, e. g. LDAP.
From man yppasswd:
"In the old days, the standard passwd(1), chfn(1) and chsh(1) tools could not be used under Linux to change the users NIS password, shell and GECOS information. For changing the NIS information, they were replaced by their NIS counterparts, yppasswd, ypchfn and ypchsh.
Today, this versions are deprecated and should not be used any longer."