Bug#602464: marked as done (libpam-unix2: does not use blowfish hash in /etc/shadow entries)

Thu, 12 Jan 2012 03:57:32 -0800 

Your message dated Thu, 12 Jan 2012 12:54:54 +0100
with message-id <[email protected]>
and subject line Re: Bug#602464: libpam-unix2: does not use blowfish hash in 
/etc/shadow entries
has caused the Debian Bug report #602464,
regarding libpam-unix2: does not use blowfish hash in /etc/shadow entries
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
602464: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602464
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: libpam-unix2
Version: 1:2.4.1-2
Severity: normal

*** Please type your report below this line ***

I was testing this module out, because I need local & nis passwords.
  % grep passwd /etc/nsswitch.conf
  passwd:     files nis

I changed /etc/pam.d/common-password to read:
  % grep -v ^# common-password
  password   required   pam_unix2.so nullok debug

I used the default /etc/security/pam_unix2 file;
  % sudo mv /etc/security/pam_unix2.default /etc/security/pam_unix2
  % grep -v ^# /etc/security/pam_unix2.default
  CRYPT=des
  CRYPT_FILES=blowfish
  BLOWFISH_CRYPT_FILES=5
  CRYPT_YP=des

Because of complaints in syslog when I used the 'md5' option,
I also created this symlink (on a hunch, I could find no reference to
this file in the documentation).
  % ln -s /etc/security/pam_unix2.default /etc/default/passwd

I had already created a test local user. I did not check but am pretty
sure it had an md5-type password hash in the password field.
When I change the password for the test user, the password hash is in
crypt format.

I also tried these options in the conf file:
  CRYPT=md5
  CRYPT_FILES=blowfish
  BLOWFISH_CRYPT_FILES=5
  CRYPT_YP=des

  CRYPT=md5
  CRYPT_FILES=md5
  BLOWFISH_CRYPT_FILES=5
  CRYPT_YP=des

  CRYPT=des
  CRYPT_FILES=md5
  BLOWFISH_CRYPT_FILES=5
  CRYPT_YP=des

All gave the same result - a crypt-format password hash in /etc/shadow.

What I was expecting to see was hashes prefixed with $1$ 
when using the md5 option and $2$ when using the blowfish option.

Regards
Vince

-- System Information:
Debian Release: 5.0.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686-bigmem (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libpam-unix2 depends on:
ii  libc6                     2.7-18lenny6   GNU C Library: Shared libraries
ii  libpam0g                  1.0.1-5+lenny1 Pluggable Authentication Modules l
ii  libxcrypt1                1:2.4-1        Crypt library for DES, MD5, and bl

libpam-unix2 recommends no packages.

libpam-unix2 suggests no packages.

-- no debconf information

-- 

----- End forwarded message -----

--

--- End Message ---
--- Begin Message --- 
* Vincent McIntyre <[email protected]>, 2012-01-12, 11:30:

So I think this bug can be closed, as invalid.


Thanks for the feedback. Closing as requested.

--
Jakub Wilk

--- End Message ---

Reply via email to