[11687] in bugtraq
Re: RH 6.0 shadow passwords and locking users bug
daemon@ATHENA.MIT.EDU (Shuman)
Sat Sep 4 05:50:03 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BOO.4.10.9909020519370.2463-100000@oubliette.annexgrp.org>
Date: Thu, 2 Sep 1999 05:24:02 +0600
Reply-To: Shuman <shuman@ANNEXGRP.ORG>
From: Shuman <shuman@ANNEXGRP.ORG>
X-To: Prince Ctrl <princectrl@ROCKETMAIL.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19990830210735.27311.rocketmail@attach1.rocketmail.com>
On Mon, 30 Aug 1999, Prince Ctrl wrote:
[ When administering a Red Hat 6.0 server and locking users with the
[ 'passwd -l <user>' command, and then unlocking a user with the 'passwd
[ -u <user>' command, a control character is added to the end of a
[ users' encrypted password in the form of a "^Q" in the shadowed passwd
[ file.
The "usermod" program, a part of shadow-utils that comes with RedHat 6.0
has a similar feature and does NOT has this "^Q" problem when unlocking.
To lock an account:
usermod -L username
To unlock an account:
usermod -U username
[ OS affected/tested: Red Hat 6.0
Too bad, I just upgraded the last RH 5.2 box to 6.0 today!
---
M S Anam <shuman@annexgrp.org>
Annex Group, Bangladesh We hack to learn!
Those who can't write, write manuals.
