Bug 829463 - login.defs man page contradicts to authconfig actual actions
login.defs man page contradicts to authconfig actual actions
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: shadow-utils (Show other bugs)
x86_64 Linux
unspecified Severity high
: rc
: ---
Assigned To: Tomas Mraz
BaseOS QE Security Team
: ManPageChange
Depends On:
  Show dependency treegraph
Reported: 2012-06-06 16:36 EDT by Theophanis Kontogiannis
Modified: 2012-11-19 12:23 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-11-19 12:23:23 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Theophanis Kontogiannis 2012-06-06 16:36:20 EDT
Description of problem:

According to man login.defs, ENCRYPT_METHOD=SHA512 overrides MD5_CRYPT_ENAB.

Manually changing ENCRYPT_METHOD to MD5 does not change the system to use MD5 hashed password.

Using 'system-config-authentication' or 'authconfig --enablemd5 --update' to change to MD5, adds to /etc/login.defs the MD5_CRYPT_ENAB=yes. And then MD5 works.

Version-Release number of selected component (if applicable):

RHEL 6.0, 6.1, 6.2

How reproducible:


Steps to Reproduce:
Actual results:

passwd <user> creates a $6$ hashed password in /etc/shadow

Expected results:

passwd <user> should create a $1$ hashed password in /etc/shadow

Additional info:

It looks that something is missing from the man page of login.defs
Comment 2 Peter Schiffer 2012-06-13 13:45:38 EDT
login.defs(5) is man page in shadow-utils package. Reassigning to the correct component.
Comment 3 RHEL Product and Program Management 2012-09-07 01:26:06 EDT
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.
Comment 5 Tomas Mraz 2012-11-19 12:23:23 EST
Actually the reason why the authconfig call is needed is that not only login.defs has to be set but - for the passwd program especially - the system PAM configuration in /etc/pam.d/system-auth must be changed. And that is what authconfig does. The MD5_CRYPT_ENAB in login.defs is legacy and not needed.

Note You need to log in before you can comment on or make changes to this bug.