487298 – pam_unix uses md5 to store old passwords in opasswd

Bug 487298 - pam_unix uses md5 to store old passwords in opasswd

Summary: pam_unix uses md5 to store old passwords in opasswd

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	pam
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Tomas Mraz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	fedora-sha2-pkgs 517000
TreeView+	depends on / blocked

Reported:	2009-02-25 11:41 UTC by Miloslav Trmač
Modified:	2016-11-01 15:02 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-11-01 15:02:23 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Miloslav Trmač 2009-02-25 11:41:06 UTC

It should use SHA-2 if it is used for /etc/shadow.

Comment 1 Bug Zapper 2009-06-09 11:38:20 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 2 Tomas Mraz 2009-08-14 12:53:40 UTC

As the password saving in pam_unix is considered as legacy functionality in upstream and the preferred way of password history handling is pam_pwhistory I don't think it is much worth it to enhance pam_unix this way.

Comment 3 Josh 2013-07-08 16:39:22 UTC

Is it a good idea to be leaving this potentially broken functionality in pam_unix rather than removing it or fixing it?

Perhaps update the man page for pam_unix stating that the remember parameter is legacy and pam_pwhistory should be used instead

Comment 4 Tomas Mraz 2016-11-01 15:02:23 UTC

The pam_unix manpage already mentions that.

Note You need to log in before you can comment on or make changes to this bug.