-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Frank Steiner [26.08.2010 13:55]:
Werner Flamme wrote
using the passwd command at the commandline caused the passwords to be inserted in the /etc/passwd file.
I cannot reproduce this on our SLES 11 SP1 ppc64 and x86_64 systems. You must have some config other than ours that triggers this bug...
Would you please be so kind and give me the info, where I /can/ configure this behaviour? I will be glad to change it to somewhat safer... I do not remember to have configured that users with /bin/csh get their passwords stored in /etc/passwd, or that /etc/shadow is ignored for those users. BTW, I have only x86_64 boxes. Tried it again on another VM: # grep erster /etc/passwd erster:x:1000:100:Erster Eins:/home/erster:/bin/false # grep erster /etc/shadow erster:$2a$05$4jD2b5NwFNiBIeD28YkGz.c3w60XqGInsLsWEacAACedg6S5wWzNG:14775:0:99999:7::: # LANG=C passwd erster Changing password for erster. New Password: Bad password: too simple Reenter New Password: Password changed. # grep erster /etc/passwd erster:x:1000:100:Erster Eins:/home/erster:/bin/false # grep erster /etc/shadow erster:$2a$10$gQrxJv3zjUY.4AnrXIECvezfNhSdIiWHABHrT1t.Il6e.wIqtx96m:14847:0:99999:7::: OK, password changed, user is in both files. Now I cange the user's shell to bash via YaST. # grep erster /etc/passwd erster:x:1000:100:Erster Eins:/home/erster:/bin/bash # grep erster /etc/shadow erster:$2a$10$gQrxJv3zjUY.4AnrXIECvezfNhSdIiWHABHrT1t.Il6e.wIqtx96m:14847:0:99999:7::: # LANG=C passwd erster Changing password for erster. New Password: Bad password: too simple Reenter New Password: Password changed. # grep erster /etc/passwd erster:x:1000:100:Erster Eins:/home/erster:/bin/bash # grep erster /etc/shadow erster:$2a$10$bRGXCPPb/mh3EXfs9/jQzuupBYKw95M4wFofoILgTYkdFmby4XhBG:14847:0:99999:7::: Everything OK again. Now I use YaST to change the user's shell to csh: # grep erster /etc/passwd erster:x:1000:100:Erster Eins:/home/erster:/bin/csh # grep erster /etc/shadow erster:$2a$10$bRGXCPPb/mh3EXfs9/jQzuupBYKw95M4wFofoILgTYkdFmby4XhBG:14847:0:99999:7::: # LANG=C passwd erster Changing password for erster. New Password: Bad password: too simple Reenter New Password: Password changed. # grep erster /etc/passwd erster:x:1000:100:Erster Eins:/home/erster:/bin/csh # grep erster /etc/shadow erster:$2a$10$DMdqOfe0XL4eU32XETq8..MmZTvndEvwyue8OO4t/HnjQzUZ.xXoW:14847:0:99999:7::: Great. It works! But still not on the first server. All servers are drawn from the same VM template. "diff" does not tell me a difference between the respective /usr/bin/passwd files. Where the ... did I configure that? Regards, Werner -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkx2YEUACgkQk33Krq8b42MEQQCeL0jy4n9M+jmKz9/8u2yQTAr8 6DgAn0EXp+X/rDQiULq1D1pj0mf+pfKv =CWOe -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org