-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I just got a shock: I logged in on a SLES 11 SP 1 server as root, and used "passwd myuser" to change myuser's password. It worked, /etc/shadow was updated. But to my utter astonishment /etc/passwd was, too. I did a "grep myuser /etc/passwd" and found the same password as in /etc/shadow in the second column of /etc/passwd. Every other user had the standard "x" at this place. I tried gain with "passwd othruser", and again I found the passwd written down to both files. othruser:$2a$10$TSkGc/dhXzjTUZDFvbZsKuuRlvnCo.nlUXvE9vSVTinjoKIYox1wm:1001:55:Oracle Admin:/oracle/othr:/bin/csh myuser:$2a$10$S5M02XK8FbhbBKQEn74IF.f4EX8WMOCNM5T22z8mWNZecTmZdBFlm:1002:1000:SAP Admin:/home/myuser:/bin/csh Now I used the YaST user management module, looked here and there, changed some info about LDAP servers (LDAP was not used for authentication, but the config was shown), and after closing the module, the passwords were away from /etc/passwd. I am using pwdutils-3.2.8-0.2.35 on this system. I do not recognize writing passwords to /etc/passwd as a feature. Do I have to open a bugzilla entry or is this a matter of (wrong) configuration? Regards, Werner -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkx2LlEACgkQk33Krq8b42MVSwCcCzdy61DPrqd1LpnpujsOrEHD UNsAniavG3Nm1iZ+4ya1h8vZxq5Uv9L3 =mMJo -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org