Bug#602464: libpam-unix2: does not use blowfish hash in /etc/shadow entries

Thu, 04 Nov 2010 19:21:20 -0700 

Package: libpam-unix2
Version: 1:2.4.1-2
Severity: normal

*** Please type your report below this line ***

I was testing this module out, because I need local & nis passwords.
  % grep passwd /etc/nsswitch.conf
  passwd:     files nis

I changed /etc/pam.d/common-password to read:
  % grep -v ^# common-password
  password   required   pam_unix2.so nullok debug

I used the default /etc/security/pam_unix2 file;
  % sudo mv /etc/security/pam_unix2.default /etc/security/pam_unix2
  % grep -v ^# /etc/security/pam_unix2.default
  CRYPT=des
  CRYPT_FILES=blowfish
  BLOWFISH_CRYPT_FILES=5
  CRYPT_YP=des

Because of complaints in syslog when I used the 'md5' option,
I also created this symlink (on a hunch, I could find no reference to
this file in the documentation).
  % ln -s /etc/security/pam_unix2.default /etc/default/passwd

I had already created a test local user. I did not check but am pretty
sure it had an md5-type password hash in the password field.
When I change the password for the test user, the password hash is in
crypt format.

I also tried these options in the conf file:
  CRYPT=md5
  CRYPT_FILES=blowfish
  BLOWFISH_CRYPT_FILES=5
  CRYPT_YP=des

  CRYPT=md5
  CRYPT_FILES=md5
  BLOWFISH_CRYPT_FILES=5
  CRYPT_YP=des

  CRYPT=des
  CRYPT_FILES=md5
  BLOWFISH_CRYPT_FILES=5
  CRYPT_YP=des

All gave the same result - a crypt-format password hash in /etc/shadow.

What I was expecting to see was hashes prefixed with $1$ 
when using the md5 option and $2$ when using the blowfish option.

Regards
Vince

-- System Information:
Debian Release: 5.0.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686-bigmem (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libpam-unix2 depends on:
ii  libc6                     2.7-18lenny6   GNU C Library: Shared libraries
ii  libpam0g                  1.0.1-5+lenny1 Pluggable Authentication Modules l
ii  libxcrypt1                1:2.4-1        Crypt library for DES, MD5, and bl

libpam-unix2 recommends no packages.

libpam-unix2 suggests no packages.

-- no debconf information

-- 

----- End forwarded message -----

-- 



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to