netbsd-bugs: misc/16157: /etc/security doesn't know about long passwords on 1.5.3

Subject: misc/16157: /etc/security doesn't know about long passwords on 1.5.3_rc1
To: None <gnats-bugs@gnats.netbsd.org>
From: None <smb@research.att.com>
List: netbsd-bugs
Date: 04/01/2002 13:15:06

>Number:         16157
>Category:       misc
>Synopsis:       /etc/security doesn't know about long passwords on 1.5.3_rc1
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    misc-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Apr 01 10:16:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Steven M. Bellovin
>Release:        NetBSD 1.5.3_RC1
>Organization:
AT&T Labs Research
>Environment:
	
	
System: NetBSD berkshire.research.att.com 1.5.3_RC1 NetBSD 1.5.3_RC1 (BERKSHIRE.nosound) #0: Sat Mar 30 14:17:24 EST 2002 smb@berkshire.research.att.com:/usr/src/sys/arch/i386/compile/BERKSHIRE.nosound i386
Architecture: i386
Machine: i386
>Description:
	1.5.3 introduces long passwords, mediated by /etc/passwd.conf.
	But /etc/security thinks that MD5 passwords -- i.e., those
	whose hashed value isn't 13 bytes -- represent a disabled login.
	Note:  I built my system by 'make build', rather than using
	a snapshot.  But CVS on the 1.5 branch tells me that my
	version of /etc/security is current.
>How-To-Repeat:
	
>Fix:
	
>Release-Note:
>Audit-Trail:
>Unformatted: