[Pkg-shadow-devel] Bug#657717: login: ENCRYPT_METHOD default should be changed to SHA512

Mario B. mario.gnudeb at gmail.com
Sat Jan 28 11:01:43 UTC 2012

Package: login
Version: 1:
Severity: normal


I use a group protected by a password longer than 8 characters, but only the first eight ones are checked when using newgrp or sg. I have checked also user password, but they work as expected.

The problem is the ENCRYPT_METHOD default (DES) for gpasswd in /etc/login.defs. Given that "man login.defs" recommends that ENCRYPT_METHOD is set consistently with the PAM configuration (pam_unix.so obscure sha512 in /etc/pam.d/common-password), I think that the default value for ENCRYPT_METHOD should be changed to SHA512.


-- System Information:
Debian Release: 6.0.3
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'stable'), (550, 'testing'), (500, 'unstable'), (100, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages login depends on:
ii  libc6                 2.11.2-10          Embedded GNU C Library: Shared lib
ii  libpam-modules        1.1.1-6.1+squeeze1 Pluggable Authentication Modules f
ii  libpam-runtime        1.1.1-6.1+squeeze1 Runtime support for the PAM librar
ii  libpam0g              1.1.1-6.1+squeeze1 Pluggable Authentication Modules l

login recommends no packages.

login suggests no packages.

-- Configuration Files:
/etc/login.defs changed [not included]
/etc/pam.d/login changed [not included]
/etc/securetty [Errno 13] Permission denied: u'/etc/securetty'

-- no debconf information

More information about the Pkg-shadow-devel mailing list