Bug 60129 - gshadow doesn't use MD5
gshadow doesn't use MD5
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: shadow-utils (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Peter Vrabec
David Lawrence
Depends On:
  Show dependency treegraph
Reported: 2002-02-20 13:03 EST by Chris Ricker
Modified: 2008-05-07 11:17 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-05-07 11:17:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Chris Ricker 2002-02-20 13:03:06 EST
The gshadow command does not use MD5 encryption for the passwords it generates,
even on systems configured to use MD5 encryption for /etc/shadow

This bug is also present in hampton beta 1
Comment 1 Mike A. Harris 2002-02-28 20:27:13 EST
I've changed this bug report to be against the beta as it contains beta
NDA information.  All NDA related information should be only found in 
bug reports filed under the beta.
Comment 2 Chris Ricker 2002-02-28 23:29:28 EST
Changing back to 7.2, as this bug is present there and that's where it was
noticed and affecting users.
Comment 3 Chris Ricker 2002-05-05 11:42:20 EDT
this bug is still present in 7.3 gold
Comment 4 Kjartan Maraas 2003-03-31 15:58:06 EST
Is gshadow still in the distro?
Comment 5 Chris Ricker 2003-03-31 16:09:03 EST
The /etc/gshadow file is still there, and passwords set in it (using the gpasswd
command) are still being put in DES-encrypted, not MD5-encrypted
Comment 6 Kjartan Maraas 2003-04-02 17:46:08 EST
Forgot to add myself to Cc
Comment 7 Chris Ricker 2003-10-17 10:40:50 EDT
Still true with fedora core

The significance of this bug is that it prevents group-level passwords from
working at all on systems which are using MD5 in /etc/shadow
Comment 8 Tomas Hoger 2008-04-14 04:57:42 EDT
This issue does no longer affect current Fedora versions (7+).  Red Hat
Enterprise Linux up to version 5 are affected.  However, this issue does not
seem to prevent usage of group passwords on system with MD5 enabled, at least on
Red Hat Enterprise Linux 4 or later.

Due to the minimal security impact of this issue, it will not be treated as
security fix.  I'm proposing as normal bugfix for inclusion in Red Hat
Enterprise Linux 5.
Comment 9 Peter Vrabec 2008-05-07 11:17:00 EDT
there isn't gshadow command in RHEL. I have tried gpasswd to change group 
password and the hash in /etc/gshadow looks 
like "$1$3vIyT/lS$SZXS1spQucMqBmI5POabP1", so I suppose it's a MD5 password.

Note You need to log in before you can comment on or make changes to this bug.