[Pkg-shadow-devel] Small fixes in salt.c, chpasswd.c, chgpasswd.c

Nicolas François nicolas.francois at centraliens.net
Sat Nov 24 00:52:24 UTC 2007

On Fri, Nov 23, 2007 at 08:02:05PM +0100, dkopecek at redhat.com wrote:
> Nicolas François wrote:
> > On Fri, Nov 23, 2007 at 01:12:11PM +0100, Dan Kopecek wrote:
> >> Hi,
> >>  this patch adds a function for generating salt of given size and fixes
> >> few bugs.
> > 
> > Thanks a lot.
> > I will commit it tonight.
> > 
> > I will probably also:
> >  * move the srandom call from crypt_make_salt to gensalt
> >  * replace the if in gensalt by an assert
> > 
> > BTW, did you try chpasswd/su with the SHA256 or SHA512 algorithms?
> > 
> > I still have to install a newer libc to test it (I plan to do it this
> > weekend).
> > 
> > 
> > Best Regards,
> I found a new problem, updated patch attached, please review it - I am
> not sure if it is a feature or bug. I checked the return value of
> crypt_make_salt when SHA256/512 is used and it should be ok (sha256:
> "$5$rounds=num$salt" or "$5$salt" when *ROUNDS are not specified in
> login.defs) but I didn't tested it with new libc too...

There was a bug in salt.c

It was a feature in chpasswd and chgpasswd to use DES by default, but I
think it is a buggy feature, so I applied your patch and fixed the
documentation accordingly. The encryption defined in /etc/login.defs will
be the default encryption.

I could test successfully use chpasswd to set a SHA512 or SHA256 password,
and then authenticate with a PAM enabled service.

Best Regards,

More information about the Pkg-shadow-devel mailing list