[Bug 372406] [NEW] md5 password encryption not working in libpam-unix2
Ale
antifumo at ticino.com
Tue May 5 20:04:56 UTC 2009
Public bug reported:
Binary package hint: libpam-unix2
Distribution version: Ubuntu 8.10
Package: libpam-unix2, version 2.5.0-2
Dependencies: libc6 2.8~20080505-0ubuntu7, libpam0g 1.0.1-4ubuntu5, libxcrypt1 2.4-2
The MD5 encryption in libpam-unix2 is not working, it always falls back
to standard crypt, therefore truncating passwords at 8 characters. In
Ubuntu 8.04 LTS this was working fine (libpam-unix2 was version 2.1-4).
It looks like this bug has been introduced with libpam-unix2 version 2.5
(see in the changelog: "Use crypt_gensalt_r instead of
crypt_gensalt_rn"). Tracing the behaviour of the module by adding debug
output to the source code shows that it chooses indeed MD5 encryption,
but the salt generation function make_crypt_salt() makes a standard
crypt salt instead of an MD5 one (i.e., $1$......), as crypt_gensalt_r()
is not available (configure outputs "checking for xcrypt_gensalt_r...
no"). It seems that crypt_gensalt_r() has been introduced with libxcrypt
version 3.
Possible solution: replacing crypt_gensalt_r() with crypt_gensalt_rn()
in the source code (src/unix_passwd.c) seems to solve the problem.
** Affects: libpam-unix2 (Ubuntu)
Importance: Undecided
Status: New
** Tags: libpam-unix2 md5
--
md5 password encryption not working in libpam-unix2
https://bugs.launchpad.net/bugs/372406
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list