Your message dated Sat, 14 Jan 2012 01:17:45 +0000
with message-id <[email protected]>
and subject line Bug#655565: fixed in libpam-unix2 1:2.4.1-5
has caused the Debian Bug report #655565,
regarding libpam-unix2: please improve README.Debian wording
(/etc/security/pam_unix2.default vs /etc/default/passwd)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
655565: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655565
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libpam-unix2
Version: 1:2.4.1-2
Severity: normal
*** Please type your report below this line ***
I was testing this module out, because I need local & nis passwords.
% grep passwd /etc/nsswitch.conf
passwd: files nis
I changed /etc/pam.d/common-password to read:
% grep -v ^# common-password
password required pam_unix2.so nullok debug
I used the default /etc/security/pam_unix2 file;
% sudo mv /etc/security/pam_unix2.default /etc/security/pam_unix2
% grep -v ^# /etc/security/pam_unix2.default
CRYPT=des
CRYPT_FILES=blowfish
BLOWFISH_CRYPT_FILES=5
CRYPT_YP=des
Because of complaints in syslog when I used the 'md5' option,
I also created this symlink (on a hunch, I could find no reference to
this file in the documentation).
% ln -s /etc/security/pam_unix2.default /etc/default/passwd
I had already created a test local user. I did not check but am pretty
sure it had an md5-type password hash in the password field.
When I change the password for the test user, the password hash is in
crypt format.
I also tried these options in the conf file:
CRYPT=md5
CRYPT_FILES=blowfish
BLOWFISH_CRYPT_FILES=5
CRYPT_YP=des
CRYPT=md5
CRYPT_FILES=md5
BLOWFISH_CRYPT_FILES=5
CRYPT_YP=des
CRYPT=des
CRYPT_FILES=md5
BLOWFISH_CRYPT_FILES=5
CRYPT_YP=des
All gave the same result - a crypt-format password hash in /etc/shadow.
What I was expecting to see was hashes prefixed with $1$
when using the md5 option and $2$ when using the blowfish option.
Regards
Vince
-- System Information:
Debian Release: 5.0.6
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686-bigmem (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libpam-unix2 depends on:
ii libc6 2.7-18lenny6 GNU C Library: Shared libraries
ii libpam0g 1.0.1-5+lenny1 Pluggable Authentication Modules l
ii libxcrypt1 1:2.4-1 Crypt library for DES, MD5, and bl
libpam-unix2 recommends no packages.
libpam-unix2 suggests no packages.
-- no debconf information
--
----- End forwarded message -----
--
--- End Message ---
--- Begin Message ---
Source: libpam-unix2
Source-Version: 1:2.4.1-5
We believe that the bug you reported is fixed in the latest version of
libpam-unix2, which is due to be installed in the Debian FTP archive:
libpam-unix2_2.4.1-5.debian.tar.gz
to main/libp/libpam-unix2/libpam-unix2_2.4.1-5.debian.tar.gz
libpam-unix2_2.4.1-5.dsc
to main/libp/libpam-unix2/libpam-unix2_2.4.1-5.dsc
libpam-unix2_2.4.1-5_i386.deb
to main/libp/libpam-unix2/libpam-unix2_2.4.1-5_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jakub Wilk <[email protected]> (supplier of updated libpam-unix2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 14 Jan 2012 01:57:57 +0100
Source: libpam-unix2
Binary: libpam-unix2
Architecture: source i386
Version: 1:2.4.1-5
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <[email protected]>
Changed-By: Jakub Wilk <[email protected]>
Description:
libpam-unix2 - Blowfish-capable PAM module
Closes: 640942 655565
Changes:
libpam-unix2 (1:2.4.1-5) unstable; urgency=low
.
* QA upload (see #628848).
+ Set Maintainer to Debian QA Group.
* Switch to source format 3.0 (quilt):
+ Add debian/source/format.
+ Rename debian/patch/00list to debian/patches/series.
+ Use .diff extension (rather than .dpatch) for patches.
+ Use DEP-3 for patch headers (rather than the dpatch-specific format).
+ Add extend-diff-ignore to debian/source/options, so that changes to
config.{sub,guess} are ignored.
+ Remove explicit (un)patching code from debian/rules.
+ Remove dpatch from Build-Depends.
* Use "<<" relation (rather than "<", which is deprecated).
* Add ${misc:Depends}.
* Bump debhelper compatibility level to 7:
+ Update debian/compat.
+ Update Build-Depends.
+ Use ‘dh_prep’ instead of ‘dh_clean -k’.
+ Don't remove build-stamp explicitly, it's now handled by dh_clean.
* Acquire CFLAGS, CPPFLAGS and LDFLAGS from dpkg-buildflags and pass them to
the configure script:
+ Update debian/rules.
+ Build depend on dpkg-dev (>= 1.15.7).
+ Add patch to fix FTBFS with -Werror=format-security.
* Improve debian/rules:
+ Remove useless comments.
+ Don't ignore errors from ‘make distclean’.
+ Run ‘make clean’ in the unix2_chkpwd subdirectory instead of removing
the files manually.
+ Update config.{sub,guess} unconditionally.
+ Don't fiddle with INSTALL_PROGRAM variable, as dh_strip does the right
thing.
+ Pass --host to the configure script only when cross-compiling.
+ Don't depend on build* targets in binary-indep.
+ Merge install target into binary-arch.
+ Use dh_install instead of dh_movefiles.
+ Add build-arch and build-indep targets.
* Improve debian/watch:
+ Upgrade version to 3.
+ Remove useless comments.
+ Remove ‘debian uupdate’.
* Bump standards version to 3.9.2 (no changes needed).
* Install /sbin/unix2_chkpwd as setgid shadow (rather than setuid root). Add
lintian override for setgid-binary.
* Respect LDFLAGS when building /sbin/unix2_chkpwd. Change link order, so
that linking works with --as-needed (closes: #640942). Thanks to Colin
Watson for the bug report.
* Build-Depend on autotools-dev (needed for fresh config.{sub,guess}
copies). Remove unused build-dependency on libtool.
* Run autoreconf at build-time.
+ Add automake to Build-Depends.
+ Update debian/rules.
+ Update extend-diff-ignore in debian/source/options.
* Reword README.Debian, so that it's clear that Debian version does _not_
use /etc/default/passwd (closes: #655565). Thanks to Vincent McIntyre for
the bug report.
* Fix typos in the configuration file and in the pam_unix2(8) manual page.
Checksums-Sha1:
f786d2a251c65485eefc7c9e7a28f2c7e2c813dc 1851 libpam-unix2_2.4.1-5.dsc
9681e52dc98f114faf8e43a8944713a5385119d2 10924
libpam-unix2_2.4.1-5.debian.tar.gz
c3c310d54b0aca6f8ce5ff58b40fe050250a1c63 82864 libpam-unix2_2.4.1-5_i386.deb
Checksums-Sha256:
35cd0db054c540e2001d599034f350f26fe5049cf79176a3ed799e2bbbb1ac68 1851
libpam-unix2_2.4.1-5.dsc
e3bbf1b79332226eb821668da24d98dbbf6d41e79506907b829fb5b72cb6ecbc 10924
libpam-unix2_2.4.1-5.debian.tar.gz
2e1bbba7e474717ea5865fab9738888565f09d10027deabbcb9455040ea89ce9 82864
libpam-unix2_2.4.1-5_i386.deb
Files:
5556d80bf85a9686e2616f493d7d41c9 1851 admin extra libpam-unix2_2.4.1-5.dsc
4279fc6ab2dc9d5bb4a158c11ab42ceb 10924 admin extra
libpam-unix2_2.4.1-5.debian.tar.gz
99aa7b7f8542bb7e1c52273987c514fc 82864 admin extra
libpam-unix2_2.4.1-5_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJPENW+AAoJEC1Os6YBVHX1WgIP/3eacmw00yOK73ijCxbukpMN
nnFFdCw2RRRUcqNTayFSl9o4fY6Y5seAFsuRQryobbaNlu+vFsQpgWCF6mJUciXh
OiHpLYUkDTeXb+yXBrbHRLsVvCXIO9/bCm8awJXRcGX2Yr+X45QobC9KsQE9GC5+
mxQ2hbwHDTVLqnCw/xdkN5dJB/5hpsKFPAabnv309fzx2fvqPQ+AU2xdem9aY2f+
V/IO8Tnva71o6KO4TnkNgYwS2ulib9+gRGULWmJt220iARfHNUcJqaavvijt6pZP
2ilzGBGJklay3LaAjLPG54B+IUCyxu4jsdyULN88DDQ5i2jfrakvuux0joHiB0zk
yglShC9WAgJsxMWAm7WMN80/tQZOvLFCW0la3dHkf29cFIaaxqXBiFTtgdL49kPN
OO6/D0bZmCUJgXRRXx1VU1Cv9Qm6B/BIUZXMS4IMm8RnFuzQ9FoSPgqhIq3btzAa
8XBqqw2F4TCwvG+qSNKN7pIrcR7xxZPyd8m6VLOfcUWVg19BZQoAK7Pi+VV/eKpt
ZA7QwJl4TnSbKJBVeplPDmXj3sQ7+KRD0NScuawvkmmvTtam6r52XjX4t08VyUK7
Risc2BtB2ZiuL/olGSTh16mIHOQOaRCCEbLvLFAY02OPC56KlF+WUGC9Zy3SG6nl
GWY9HiIighhBlDJDrDsi
=WBon
-----END PGP SIGNATURE-----
--- End Message ---
