I would think the obvious answer is that the password supplied as an argument to -p is the encrypted password, generated by any of the mkpasswd utilities. I agree it's odd that it's not mentioned in the man page. Ed > -----Original Message----- > From: Emils Klotins [SMTP:emilsat_private] > Sent: Friday, June 11, 1999 6:11 AM > To: BUGTRAQat_private > Subject: useradd -p stores cleartext passwords / shadow-980724 > > Hello. > > Sorry if this is reported already. Didn't find it in Bugtraq archives nor > in SuSE support db. > > OS: SuSE Linux 6.1 > Program: useradd > Package: shadow-980724 > > Problem description: > 'useradd' command has an option '-p password' for specifying password to > the newly added user. > (This option btw, does not appear anywhere in useradd man page) > If you specify this option along with a password, the password will be > stored in /etc/shadow, but > in cleartext, creating 2 problems: > 1. The password is stored in cleartext > 2. It of course does not work, for upon login an encrypted version of > password is expected to be in > /etc/shadow. > > PS. I could agree that specifying password in command-line can be > considered quite dangerous, > however, if the option is there, it should either work correctly or not be > there. > > > > > Emils Klotins e-mail: emilsat_private > Systems Manager URL: http://www.usis.bkc.lv/ > USIS Riga 7 Smilsu Str., Riga LV1050, LATVIA
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:49:08 PDT