Subject: misc/12539: /etc/security doesn't know about long passwords
To: None <gnats-bugs@gnats.netbsd.org>
From: None <smb@mikado.research.att.com>
List: netbsd-bugs
Date: 04/03/2001 15:08:43
>Number:         12539
>Category:       misc
>Synopsis:       /etc/security doesn't know about long passwords
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    misc-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Apr 03 12:09:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Steven M. Bellovin
>Release:        2001/02/06
>Organization:
	
>Environment:
	
System: NetBSD mikado.research.att.com 1.5R NetBSD 1.5R (MIKADO) #1: Tue Mar 6 23:53:40 EST 2001 smb@mikado.research.att.com:/usr/src/sys/arch/i386/compile/MIKADO i386
Architecture: i386
Machine: i386
>Description:
	If md5 passwords are used, /etc/security complains that the
	account has a real shell but is disabled.  It checks for
	"disabled" by looking for a hashed password length of 13 or 20,
	which doesn't match what is currently produced.
>How-To-Repeat:
	Change localcipher in /etc/passwd.conf, change a password,
	and wait a day...
>Fix:
	Have the code look at the type prefix (if any), and check
	the length accordingly.
>Release-Note:
>Audit-Trail:
>Unformatted: