[11751] in bugtraq
Re: RH 6.0 shadow passwords and locking users bug
daemon@ATHENA.MIT.EDU (Alex Alvarez)
Wed Sep 8 18:25:20 1999
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-Id: <19990907012351.80350.qmail@hotmail.com>
Date: Mon, 6 Sep 1999 18:23:50 PDT
Reply-To: Alex Alvarez <eajam@HOTMAIL.COM>
From: Alex Alvarez <eajam@HOTMAIL.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
I tried both on RH 6.0 without any problem whatsoever. Then again, I've
continuously update the systems following RH Errata recommendations,
http://www.redhat.com/corp/support/errata/rh60-errata-general.html
Cheers, A
>From: Shuman <shuman@ANNEXGRP.ORG>
>Reply-To: Shuman <shuman@ANNEXGRP.ORG>
>To: BUGTRAQ@SECURITYFOCUS.COM
>Subject: Re: RH 6.0 shadow passwords and locking users bug
>Date: Thu, 2 Sep 1999 05:24:02 +0600
>
>On Mon, 30 Aug 1999, Prince Ctrl wrote:
>[ When administering a Red Hat 6.0 server and locking users with the
>[ 'passwd -l <user>' command, and then unlocking a user with the 'passwd
>[ -u <user>' command, a control character is added to the end of a
>[ users' encrypted password in the form of a "^Q" in the shadowed passwd
>[ file.
>
>The "usermod" program, a part of shadow-utils that comes with RedHat 6.0
>has a similar feature and does NOT has this "^Q" problem when unlocking.
>
>To lock an account:
>usermod -L username
>
>To unlock an account:
>usermod -U username
>
>[ OS affected/tested: Red Hat 6.0
>
>Too bad, I just upgraded the last RH 5.2 box to 6.0 today!
>
>---
>M S Anam <shuman@annexgrp.org>
>
>Annex Group, Bangladesh We hack to learn!
>
>Those who can't write, write manuals.
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
