>Number: 169356 >Category: bin >Synopsis: "pw groupmod GROUP -h FD" ignores "passwd_format" from >login.conf(5) >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Jun 23 16:50:08 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Devin Teske >Release: FreeBSD 9.0-RELEASE i386 >Organization: FIS Global, Inc. >Environment: FreeBSD scribe9.vicor.com 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:15:25 UTC 2012 r...@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: When attempting to set the password field for a group in group(5) using pw(8), only old-style DES hash is used. The passwd_format setting in login.conf(5) is ignored. >How-To-Repeat: First, witness that pw(8) adheres to the desired "passwd_format" setting in login.conf(5) when changing the password for a user (versus group):
echo newpass | sudo pw usermod SOMEUSER -h 0 sudo grep '^SOMEUSER:' /etc/master.passwd NOTE: The password field (second field delimited by ":") contains a hash in the desired format (based on "passwd_format" setting in login.conf -- MD5 is the default, producing "$1$salt$data" in the password field). Now, witness that when doing the same thing but for a group, login.conf(5) is now ignored and only a DES hash can be generated: echo newpass | sudo pw groupmod SOMEGROUP -h 0 grep '^SOMEGROUP:' /etc/group >Fix: I see two ways forward: 1. Update pw(8) to adhere to passwd_format when "groupmod GROUP -h FD" is used (making it act similar to "usermod USER -h FD") 2. Add a new "group_passwd_format" to login.conf(5) and make pw(8) adhere to that. >Release-Note: >Audit-Trail: >Unformatted: _______________________________________________ freebsd-bugs@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
