Package: tiger
Version: 1:3.2.3-4
Severity: normal

Hi,

Tiger does not handle SHA-512 (and probably other SHA-mechanisms)
properly by default. I keep getting a message (see below) for all users
using a hash starting with '$6$cSCDbP…' while those starting with
'$1$bz7U…' are never reported.

I assume the setting "Tiger_Passwd_Hashes='crypt3|md5'" is responsible
and needs to be complemented with the proper term for SHA mechanisms. I
was unable to find what needs to be put there, though. It seems to be
neither 'SHA-512' nor 'sha512'.

The reported problem is:
NEW: --WARN-- [pass014w] Login (hendrik) is disabled, but has a valid
shell.

The corresponding check is in
file /usr/lib/tiger/scripts/check_passwd:173

Since the default mechanism for setting passwords seems to have changed
in Debian, IMHO Tiger's default config should be adjusted accordingly.
Also, it seems that possible values for this setting are not documented
anywhere, which would be helpful in this situation.

Thank you and best regards

henk

-- 
Hendrik Jaeger
Linux Systemadministrator

Init Seven AG
Elias-Canetti-Strasse 7
CH-8050 Zürich
phone: +41 44 315 44 00
fax: +41 44 315 44 01
http://www.init7.net/
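
The mismatch described in the report, as an added example that is not part of the original message and is not Tiger's code: a POSIX sh classifier that reads the crypt(3) prefix of each shadow password field and shows what a checker limited to a scheme list such as 'crypt3|md5' would conclude. It models the reporter's assumption about the cause, which the page does not confirm; the function names, the labels `sha256crypt`, `sha512crypt`, `bcrypt` and `yescrypt`, and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Tiger's check_passwd. Labels other than the report's
# 'crypt3' and 'md5' are this example's own names, not Tiger settings.

# Print the crypt(3) scheme of one shadow(5) password field.
classify_hash() {
    case "$1" in
        '')                       echo empty ;;
        '!'*|'*'*)                echo locked ;;
        '$1$'*)                   echo md5 ;;
        '$5$'*)                   echo sha256crypt ;;
        '$6$'*)                   echo sha512crypt ;;
        '$2a$'*|'$2b$'*|'$2y$'*)  echo bcrypt ;;
        '$y$'*)                   echo yescrypt ;;
        *[!./0-9A-Za-z]*)         echo unknown ;;
        *)  # traditional DES crypt: exactly 13 characters of [./0-9A-Za-z]
            if [ "${#1}" -eq 13 ]; then echo crypt3; else echo unknown; fi ;;
    esac
}

# Usage: audit_shadow 'crypt3|md5' < shadow-format input
# Prints "user scheme verdict": what a checker that only knows the listed
# schemes would conclude about each account.
audit_shadow() {
    allowed="|$1|"
    while IFS=: read -r user field _rest; do
        [ -n "$user" ] || continue
        scheme=$(classify_hash "$field")
        case "$scheme" in
            locked|empty) verdict=$scheme ;;
            *) case "$allowed" in
                   *"|$scheme|"*) verdict=has-password ;;
                   *)             verdict=unrecognised-hash ;;
               esac ;;
        esac
        echo "$user $scheme $verdict"
    done
}

# Constructed shadow entries (not real hashes, not taken from the report).
sample_shadow() {
    cat <<'EOF'
alice:$1$CONSTRUCTED$0123456789abcdefghijkl:15000:0:99999:7:::
bob:$6$CONSTRUCTED$0123456789abcdefghijklmnopqrstuv:15000:0:99999:7:::
carol:!:15000:0:99999:7:::
EOF
}

sample_shadow | audit_shadow 'crypt3|md5'
```

With the list 'crypt3|md5' the `$6$` account is the only one reported as `unrecognised-hash`, which matches the pattern in the report where only SHA-512 users are flagged.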
