[11731] in bugtraq
Re: RH 6.0 shadow passwords and locking users bug
daemon@ATHENA.MIT.EDU (Walter Klomp)
Wed Sep 8 03:46:52 1999
Message-Id: <NCBBKKNOIKLBLIILHKDKAEMJCFAA.walter@swiftech.net.sg>
Date: Sat, 4 Sep 1999 19:32:25 +0800
Reply-To: Walter Klomp <walter@SWIFTECH.NET.SG>
From: Walter Klomp <walter@SWIFTECH.NET.SG>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.BOO.4.10.9909020519370.2463-100000@oubliette.annexgrp.org>
Hi,
I solved this problem by downloading the source of the latest
shadow-password package, and just recompiling and running make install...
It's indeed an error in the .rpm of RedHat 6.0...
Hope this helps
Regards
Walter
> -----Original Message-----
> From: Bugtraq List [mailto:BUGTRAQ@SECURITYFOCUS.COM]On Behalf Of Shuman
> Sent: Thursday, September 02, 1999 7:24 AM
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: Re: RH 6.0 shadow passwords and locking users bug
>
>
> On Mon, 30 Aug 1999, Prince Ctrl wrote:
> [ When administering a Red Hat 6.0 server and locking users with the
> [ 'passwd -l <user>' command, and then unlocking a user with the 'passwd
> [ -u <user>' command, a control character is added to the end of a
> [ user's encrypted password in the form of a "^Q" in the shadowed passwd
> [ file.
>
> The "usermod" program, a part of shadow-utils that comes with RedHat 6.0
> has a similar feature and does NOT have this "^Q" problem when unlocking.
>
> To lock an account:
> usermod -L username
>
> To unlock an account:
> usermod -U username
>
> [ OS affected/tested: Red Hat 6.0
>
> Too bad, I just upgraded the last RH 5.2 box to 6.0 today!
>
> ---
> M S Anam <shuman@annexgrp.org>
>
> Annex Group, Bangladesh We hack to learn!
>
> Those who can't write, write manuals.
>
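
A check for the symptom reported in this thread, added here as an example and not part of either poster's message: it scans shadow-format lines for control characters in the password field and reports them in caret notation. The sample entries and hashes are constructed, and it assumes the "^Q" in the report is the literal byte 0x11.

```python
#!/usr/bin/env python3
"""Flag shadow-file entries whose password field holds control characters."""
import sys

# Constructed sample in shadow(5) layout; the hashes are placeholders, not real.
SAMPLE = [
    b"root:$1$CONSTRUCT$0123456789abcdefghijkl:10800:0:99999:7:::\n",
    b"alice:$1$CONSTRUCT$0123456789abcdefghijkl\x11:10800:0:99999:7:::\n",
    b"bob:!$1$CONSTRUCT$0123456789abcdefghijkl:10800:0:99999:7:::\n",
    b"daemon:*:10800:0:99999:7:::\n",
]


def caret(byte):
    """Render a control byte in caret notation (0x11 -> '^Q', 0x7f -> '^?')."""
    return "^" + chr(byte ^ 0x40)


def scan_shadow(lines):
    """Return (line_no, user, locked, control_bytes) for each suspect entry."""
    findings = []
    for line_no, raw in enumerate(lines, 1):
        fields = raw.rstrip(b"\r\n").split(b":")
        if len(fields) < 2 or not fields[0]:
            continue  # blank or malformed line, nothing to inspect
        user, pw = fields[0], fields[1]
        bad = sorted({b for b in pw if b < 0x20 or b == 0x7F})
        if bad:
            # shadow-utils marks a locked account with a leading '!'
            locked = pw.startswith(b"!")
            findings.append((line_no, user.decode("ascii", "replace"), locked, bad))
    return findings


def main(argv):
    # Read as bytes so a stray control character is never decoded away.
    if len(argv) > 1:
        with open(argv[1], "rb") as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE
    findings = scan_shadow(lines)
    for line_no, user, locked, bad in findings:
        state = "locked" if locked else "unlocked"
        chars = " ".join(caret(b) for b in bad)
        print(f"line {line_no}: {user} ({state}) has {chars} in password field")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Pass a path as the first argument to scan a real file; the exit status is 1 when any entry is flagged.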