Subject: bin/18474: bug in useradd
To: None <>
From: None <>
List: netbsd-bugs
Date: 09/29/2002 23:25:52
>Number:         18474
>Category:       bin
>Synopsis:       useradd/usermod fails with new MD5 passwords
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Sep 29 20:26:00 PDT 2002
>Originator:     Douglas Wade Needham
>Release:        NetBSD 1.6
System: NetBSD cyteen 1.6 NetBSD 1.6 (GENERIC) #0: Sun Sep 8 19:43:40 UTC 2002 i386
Machine: i386
        useradd/usermod does not permit the use of the new MD5
	checksums when adding accounts.  Problem appears to also
	extend into the other user utilities due to common code.

Example commands (note, passwords are munged for security, supply your own):
        usermod -s /bin/ksh -p '$1%mS2grPST$/xwNZFb6QENgP4fmzVkaB0' root
        useradd -u 100 -g staff -G wheel \
                -c "Douglas Wade Needham,,," \
                -p '$1$5IRDRAnb$DldpYJcjZcz39rQo52PAy0'
	Workaround is to manually set/change password with the
	password command.

        Fix will likely be to add code to usr.sbin/user/user.c to
	handle passwords of either 13 or 34 characters in length.
	However, exact fix is unavailable at this time (still setting
	up my 1.6 based build environment).