Next message: James Sneeringer: "Re: useradd -p stores cleartext passwords / shadow-980724"
I would think the obvious answer is that the password supplied
as an argument to -p is the encrypted password, generated
by any of the mkpasswd utilities.
I agree it's odd that it's not mentioned in the man page.
Ed
> -----Original Message-----
> From: Emils Klotins [SMTP:emilsat_private]
> Sent: Friday, June 11, 1999 6:11 AM
> To: BUGTRAQat_private
> Subject: useradd -p stores cleartext passwords / shadow-980724
>
> Hello.
>
> Sorry if this is reported already. Didn't find it in Bugtraq archives nor
> in SuSE support db.
>
> OS: SuSE Linux 6.1
> Program: useradd
> Package: shadow-980724
>
> Problem description:
> 'useradd' command has an option '-p password' for specifying password to
> the newly added user.
> (This option btw, does not appear anywhere in useradd man page)
> If you specify this option along with a password, the password will be
> stored in /etc/shadow, but
> in cleartext, creating 2 problems:�
> 1. The password is stored in cleartext
> 2. It of course does not work, for upon login an encrypted version of
> password is expected to be in
> /etc/shadow.
>
> PS. I could agree that specifying password in command-line can be
> considered quite dangerous,
> however, if the option is there, it should either work correctly or not be
> there.
>
>
>
>
> Emils Klotins e-mail: emilsat_private
> Systems Manager URL: http://www.usis.bkc.lv/
> USIS Riga 7 Smilsu Str., Riga LV1050, LATVIA
This archive was generated by hypermail 2b30
: Fri Apr 13 2001 - 14:49:08 PDT