| View previous topic :: View next topic |
| Author |
Message |
overkll
Veteran
Joined: 21 Sep 2004
Posts: 1249
Location: Austin, Texas
|
 Posted: Tue Nov 13, 2007 5:02 pm Post subject: URGENT: useradd yields UNENCRYPTED passwords in [solved] |
 |
|
Now this is too weird. "useradd" now yields unencrypted passwords in /etc/shadow:
| Code: | | # useradd -g users -p welcome pcguest |
executes with no error and creates user. Logins fail. Checking /etc/shadow:
# grep pcguest /etc/shadow
| Code: | | pcguest:welcome:13830:0:99999:7::: |
Anyone else try to create a user since the new pam/shadow updates?
Last edited by overkll on Tue Nov 13, 2007 8:12 pm; edited 1 time in total |
|
| Back to top |
|
 |
Monkeh
Veteran
Joined: 06 Aug 2005
Posts: 1656
Location: England
|
| Posted: Tue Nov 13, 2007 5:43 pm Post subject: |
|
|
| Read the man page. It takes an encrypted password, not a plain text password. |
|
| Back to top |
|
|
overkll
Veteran
Joined: 21 Sep 2004
Posts: 1249
Location: Austin, Texas
|
| Posted: Tue Nov 13, 2007 6:01 pm Post subject: |
|
|
True, but I only tried it with the "-p" option because "passwd" <user> was failing. I've been using ldap for auth too long. 
1. removed user pcguest:
2. Added user pcguest back:
| Code: | | # useradd -g users pcguest |
3. Add password for user pcguest:
| Code: | # passwd pcguest
passwd: Authentication information cannot be recovered |
4. Checking /etc/shadow shows:
| Code: | # grep pcguest /etc/shadow
pcguest:!:13830:0:99999:7::: |
AFAIK, the second field is the password field, and the ! means locked(?)
"passwd -u pcguest" and then "passwd pcguest" yields the same error.
I recall not having this issue in the past - prior to latest pam-0.99 / shadow updates.
If I'm being stupid, enlighten me  |
|
| Back to top |
|
|
Monkeh
Veteran
Joined: 06 Aug 2005
Posts: 1656
Location: England
|
| Posted: Tue Nov 13, 2007 6:16 pm Post subject: |
|
|
| Works for me. |
|
| Back to top |
|
|
mottmar
Tux's lil' helper
Joined: 13 Nov 2005
Posts: 103
Location: Genoa, Italy
|
| Posted: Tue Nov 13, 2007 6:17 pm Post subject: |
|
|
| Code: | lucifer ant # useradd -g users -p guessme tooeasyaname
lucifer ant # grep tooeasyaname /etc/shadow
tooeasyaname:guessme:13830:0:99999:7:::
|
aargh. I simply couldn't believe this. So I had to try. And it really seems true. BUT it isn't:
From :
| Quote: |
-p, --password PASSWORD
The encrypted password, as returned by crypt(3). The default is to
disable the account.
|
So your command does not do what you think it does...
edit: ehm I was a bit late with this...
_________________
The box said "Requires Windows 95 or better." I can't understand why it won't work on my Linux computer. |
|
| Back to top |
|
|
overkll
Veteran
Joined: 21 Sep 2004
Posts: 1249
Location: Austin, Texas
|
| Posted: Tue Nov 13, 2007 8:12 pm Post subject: |
|
|
It was related to /etc/pam.d/system-auth... AGAIN!
re-emerged pam and shadow, edited system auth and now "passwd" works as it should.
Sorry, I was completely wrong about the useradd -p deal. |
|
| Back to top |
|
|
|
Networking & Security
