[Bug 743715] New: Yast New User Uses MD5, Initial System Config Used SHA512
https://bugzilla.novell.com/show_bug.cgi?id=743715

https://bugzilla.novell.com/show_bug.cgi?id=743715#c0

           Summary: Yast New User Uses MD5, Initial System Config Used SHA512
    Classification: openSUSE
           Product: openSUSE 12.1
           Version: Final
          Platform: x86-64
        OS/Version: SuSE Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: YaST2
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: andrew@acooke.org
         QAContact: jsrain@suse.com
          Found By: ---
           Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7

I just (re-)installed OpenSuse 12.1. When I added the initial user and root the default setting was SHA512, and that checks with the entries in /etc/shadow ($6$ prefix, as documented in man crypt).

However, I then added another user via Yast, and that user was added with an MD5 ($1$ prefix).

It's not clear to me whether this is a problem or not. MD5 isn't that great a choice these days and I would have expected SHA512 to be used consistently, if it was selected during install.

As far as I know I haven't changed any settings (I cannot find anywhere in sysconfig that specified this; nor can I find anything in Yast that can change what is used when a new user is added).

Reproducible: Always

Steps to Reproduce:
1. Install with default settings and note the $6$ prefixes in /etc/shadow
2. Add a new user with Yast and see the $1$ prefix
3. Profit!

Actual Results:
Here are relevant entries from my system. I've replaced some values with Xs. "andrew" was added during install; "test" was added afterwards.

andrew:$6$XXXXXXXXXXXXXXXXXXX/XXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:15365:0:99999:7:::
test:$1$XXXXXXXXXXXXXXXXXX:15365:0:99999:7:::

Expected Results:
I'd expect both lines to contain $6$.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=743715
https://bugzilla.novell.com/show_bug.cgi?id=743715#c5
--- Comment #5 from andrew cooke
cat /var/lib/YaST2/users_first_stage.ycp
$[
  "after_auth" : "users",
  "autologin_user" : "",
  "encryption_method" : "sha512",
  "root_alias" : "andrew",
  "root_password_written" : "1",
  "run_krb_config" : "0",
  "users_written" : 1
]
https://bugzilla.novell.com/show_bug.cgi?id=743715
https://bugzilla.novell.com/show_bug.cgi?id=743715#c21
Jiří Suchomel
Jiri, it seems to work manually under a 12.1, once in Yast2 security center -> password you set SHA512 then the /etc/default/passwd contains this:
CRYPT_FILES=sha512
So this is correct and YaST works as it should on installed system.
For 12.1 update, perhaps the script could check if CRYPT_FILES=md5 then replace it by CRYPT_FILES=sha512 ? Don't know if it's a good idea or not, +adding a comment #bnc743715
No, that would not be good, as we could not know in script if the value is there by error or on purpose. So I think I can close it now: for 12.1, users can change the encryption value from YaST, and for next release, it should work well from the beginning.
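
Added example, not part of the original thread and not YaST code: a small audit that compares the crypt(3) prefix of each /etc/shadow entry with the CRYPT_FILES value in /etc/default/passwd, which is the inconsistency this bug reports. The function names and the sample data are assumptions constructed for illustration; the sample shows the state after CRYPT_FILES has been set to sha512.

```python
import re

# crypt(3) scheme ids; "$6$" and "$1$" are the two prefixes seen in the report.
PREFIXES = {"1": "md5", "2a": "blowfish", "2b": "blowfish", "2y": "blowfish",
            "5": "sha256", "6": "sha512"}

def scheme_of(field):
    """Classify the password field of one /etc/shadow entry."""
    field = field.lstrip("!")        # a locked account keeps its hash after "!"
    if field in ("", "*"):
        return None                  # no usable password hash
    m = re.match(r"\$([0-9a-z]+)\$", field)
    return PREFIXES.get(m.group(1), "unknown") if m else "other"

def configured_scheme(default_passwd_text):
    """Return the CRYPT_FILES value from /etc/default/passwd text, or None."""
    for line in default_passwd_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("CRYPT_FILES="):
            return line.split("=", 1)[1].strip().strip('"').lower()
    return None

def audit(shadow_text, default_passwd_text):
    """Return (configured, [(user, scheme)]) for hashes that differ from it."""
    wanted = configured_scheme(default_passwd_text)
    mismatches = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2:
            continue
        scheme = scheme_of(parts[1])
        if scheme is not None and scheme != wanted:
            mismatches.append((parts[0], scheme))
    return wanted, mismatches

# Constructed sample shaped like the report (hash bodies are placeholders).
SAMPLE_SHADOW = """\
root:$6$saltsalt$hashhashhash:15365:0:99999:7:::
andrew:$6$saltsalt$hashhashhash:15365:0:99999:7:::
test:$1$saltsalt$hashhashhash:15365:0:99999:7:::
daemon:*:15365::::::
"""
SAMPLE_DEFAULT_PASSWD = "# constructed sample\nCRYPT_FILES=sha512\n"

if __name__ == "__main__":
    wanted, bad = audit(SAMPLE_SHADOW, SAMPLE_DEFAULT_PASSWD)
    print("configured:", wanted)
    for user, scheme in bad:
        print(f"{user}: stored as {scheme}")
```

Existing entries keep their old scheme until the password is next changed, so a listed account is one whose password needs re-setting after CRYPT_FILES has been corrected.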