The following reply was made to PR bin/58005; it has been noted by GNATS.
From: mlelstv%serpens.de@localhost (Michael van Elst)
To: gnats-bugs%netbsd.org@localhost
Cc:
Subject: Re: bin/58005: passwd always errors out; cannot change passwords anymore
Date: Fri, 8 Mar 2024 10:35:42 -0000 (UTC)
michael.cheponis%gmail.com@localhost (Michael Cheponis) writes:
>default:
> localcipher = argon2id
> ypcipher = old
>cat /usr/mac/SS/root/etc/passwd.conf <--- Where the very old saved /etc
>is.
>default:
> localcipher = sha1
> ypcipher = sha1
>Do I need to change the passwd.conf so ypcipher = argon2id ?
That depends on what you want to get.
ypcipher is used for NIS, and for compatibility with ancient
systems that still use NIS, this is configured as "old", meaning
the traditional DES encryption without tagging.
In any case, neither would have caused the reported error. The
pw_gensalt() function that failed supports:
static const struct pw_salt {
const char *name;
int (*gensalt)(char *, size_t, const char *);
} salts[] = {
{ "old", __gensalt_old },
{ "new", __gensalt_new },
{ "newsalt", __gensalt_new },
{ "md5", __gensalt_md5 },
{ "sha1", __gensalt_sha1 },
{ "blowfish", __gensalt_blowfish },
#ifdef HAVE_ARGON2
/* argon2 default to argon2id */
{ "argon2", __gensalt_argon2id},
{ "argon2id", __gensalt_argon2id},
{ "argon2i", __gensalt_argon2i},
{ "argon2d", __gensalt_argon2d},
#endif /* HAVE_ARGON2 */
{ NULL, NULL }
};
If the configured salt method doesn't match anything, you get
exactly the reported error.
>Just to emphasize, this must have been changed by sysupdate when I went
>from _RC3 to _RC5
If the update changed such things, you must have either unpacked the
etc.tgz set directly, or run etcupdate and accept the corresponding
(or all) changes.
But again, the reported passwd.conf content doesn't produce that
error. "argon2id", "old" and "sha1" are all known salt methods.