[Pkg-shadow-devel] Bug#1118274: passwd fails with domain\username format
Chris Hofstaedtler
zeha at debian.org
Fri Oct 17 18:50:34 BST 2025
On Fri, Oct 17, 2025 at 05:21:06PM +0000, Sebastian DeJesus wrote:
> The passwd command fails to work with domain user accounts specified in the "domain\username" format on Debian 13.
> This is a regression from Debian 12 where passwd version 1:4.13+dfsg1-1+b1 handled this format correctly.
Unfortunately valid username formats are underspecified and
backslashes cause security problems in the most common password
storage backend (unix passwd/shadow files).
Starting in trixie Debian's passwd uses upstream's rules for valid
usernames, avoiding the security problems.
> This format previously worked in Debian 12 with passwd 1:4.13+dfsg1-1+b1 and should continue to be supported in
> Debian 13 for users with domain/LDAP authentication (such as Active Directory).
>
> This regression prevents domain users from changing their own passwords using their domain account credentials.
You'll have to find another tool to interact with AD I'm afraid.
Best,
Chris
More information about the Pkg-shadow-devel
mailing list