Red Hat Bugzilla – Bug 60129
gshadow doesn't use MD5
Last modified: 2008-05-07 11:17:00 EDT
The gshadow command does not use MD5 encryption for the passwords it generates,
even on systems configured to use MD5 encryption for /etc/shadow
This bug is also present in hampton beta 1
I've changed this bug report to be against the beta as it contains beta
NDA information. All NDA related information should be only found in
bug reports filed under the beta.
Changing back to 7.2, as this bug is present there and that's where it was
noticed and affecting users.
this bug is still present in 7.3 gold
Is gshadow still in the distro?
The /etc/gshadow file is still there, and passwords set in it (using the gpasswd
command) are still being put in DES-encrypted, not MD5-encrypted
Forgot to add myself to Cc
Still true with fedora core
The significance of this bug is that it prevents group-level passwords from
working at all on systems which are using MD5 in /etc/shadow
This issue does no longer affect current Fedora versions (7+). Red Hat
Enterprise Linux up to version 5 are affected. However, this issue does not
seem to prevent usage of group passwords on system with MD5 enabled, at least on
Red Hat Enterprise Linux 4 or later.
Due to the minimal security impact of this issue, it will not be treated as
security fix. I'm proposing as normal bugfix for inclusion in Red Hat
Enterprise Linux 5.
there isn't gshadow command in RHEL. I have tried gpasswd to change group
password and the hash in /etc/gshadow looks
like "$1$3vIyT/lS$SZXS1spQucMqBmI5POabP1", so I suppose it's a MD5 password.