[Pkg-shadow-devel] Bug#1124835: Bug#1124835: chpasswd hash check goes too far
Marc Haber
mh+debian-packages at zugschlus.de
Thu Jan 8 08:01:53 GMT 2026
On Thu, Jan 08, 2026 at 12:17:25AM +0100, Chris Hofstaedtler wrote:
>As noted by vinz, this is user error. After bash variable
>interpolation, this became echo 'aust:' | chpasswd --encrypted. Not
>what you wanted, I guess.
I confirm my mistake. With the right kind of quotes, it works. That
happened while investigating adduser test failures. I apologize.
>> > > # echo "aust:*" | chpasswd --encrypted
>> > > chpasswd: (line 1, user aust) invalid password hash
>> > > chpasswd: error detected, changes ignored
>
>This and the !-variant will be fixed in a moment using patches from
>Alejandro.
It has still become impossible in the future to disalbe an account while
preserving the password. This destroys functionality that has been
available for decades and is also in wide use. Adduser has grown by
about 500 lines to cater for that. It has also lost a test that used to
check whether a security vulnerability that warranted a security update
is still absend. That upstream decision neiher makes software and life
simpler, nor does it improve software quality.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
More information about the Pkg-shadow-devel
mailing list