Bug 69562 - Installer creates users with invalid DES encrypted passwords
Summary: Installer creates users with invalid DES encrypted passwords
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: shadow-utils (Show other bugs)
(Show other bugs)
Version: 7.3
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Eido Inoue
QA Contact: Brock Organ
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-07-23 07:15 UTC by Mike Gleason
Modified: 2007-04-18 16:44 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-10-27 19:12:50 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Mike Gleason 2002-07-23 07:15:26 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.1a) Gecko/20020610

Description of problem:
Users creating during the install process seem to have a high probability of
their encrypted DES passwords containing non-base64 characters.  DES passwords
are 13 characters long, and in base64 format with the character set:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./

Specifically, the "salt" (first two characters of the DES encrypted password)
for these passwords is often invalid, containing non-base64 characters (often
control characters or characters with the high bit set).

Version-Release number of selected component (if applicable):


How reproducible:
Sometimes

Steps to Reproduce:
1.  Boot from the Red Hat Linux 7.3 i386 ISO disc.
2.  Install as usual (minimal will do).
3.  Create 10 or 15 users in addition at the screen where you set the root password.
4.  Unselect "MD5" passwords so DES is used; leave /etc/shadow enabled.
5.  Let install complete, then inspect field two of /etc/shadow.
	

Actual Results:  For 13 users created from the installer, 12 had non-base64
characters in the salt of their passwords.  After logging in and creating
additional users using "useradd" and then "passwd" to set their passwords, each
new user had a valid DES encrypted password in /etc/shadow.  That is why I
suspect the Installer and not glibc or PAM.

I will try pasting the snippet from my /etc/shadow, but I'm not sure the
high-bit characters were copied correctly:

a:BvozAzQMe1Eo:11890:0:99999:7:::
b:17icEAYsoOey2:11890:0:99999:7:::
c:!	r9Ufa8qCbrc:11890:0:99999:7:::
d:Rp9hkCUXuLgq6:11890:0:99999:7:::
e:M@tyYCOSS2BnU:11890:0:99999:7:::
f:NUei8/Rp1IWU:11890:0:99999:7:::
g:VpWPN.xwW5HM:11890:0:99999:7:::
h:;rVbWcNHo2S96:11890:0:99999:7:::
i:≈/PASUWTJTFns:11890:0:99999:7:::
j:z∫fB2DnDYmm.Q:11890:0:99999:7:::
k:KiujHfU0d4Iw:11890:0:99999:7:::
l:wpSesWZQgPpE:11890:0:99999:7:::
m:˚UOwGFBoMCqAs:11890:0:99999:7:::

Expected Results:  Correctly formatted DES passwords, such as these created by
/bin/passwd:

n:NB4mPVle/UF7U:11890:0:99999:7:::
o:7C.FhC20LacDA:11890:0:99999:7:::
p:ICkNiod9LxNgs:11890:0:99999:7:::
q:RCVyqHdYCwbZs:11890:0:99999:7:::


Additional info:

Valid DES encrypted passwords are still important for portability to other systems.

Comment 1 Michael Fulbright 2002-07-23 16:00:49 UTC
Any ideas Nalin?  We just call useradd.

Comment 2 Michael Fulbright 2002-07-23 16:01:40 UTC
Would the problem be with how we create the salt?


Note You need to log in before you can comment on or make changes to this bug.