NetBSD-Bugs archive


Re: bin/58005: passwd always errors out; cannot change passwords anymore



The following reply was made to PR bin/58005; it has been noted by GNATS.

From: mlelstv%serpens.de@localhost (Michael van Elst)
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: bin/58005: passwd always errors out; cannot change passwords anymore
Date: Fri, 8 Mar 2024 10:35:42 -0000 (UTC)

 michael.cheponis%gmail.com@localhost (Michael Cheponis) writes:
 
 >default:
 >        localcipher = argon2id
 >        ypcipher = old
 
 
 >cat /usr/mac/SS/root/etc/passwd.conf    <--- Where the very old saved /etc
 >is.
 >default:
 >  localcipher = sha1
 >  ypcipher = sha1
 
 
 >Do I need to change the passwd.conf so ypcipher = argon2id ?
 
 That depends on what you want to get.
 
 ypcipher is used for NIS, and for compatibility with ancient
 systems that still use NIS, this is configured as "old", meaning
 the traditional DES encryption without tagging.
 
 In any case, neither would have caused the reported error. The
 pw_gensalt() function that failed supports:
 
 static const struct pw_salt {
         const char *name;
         int (*gensalt)(char *, size_t, const char *);
 } salts[] = {
         { "old", __gensalt_old },
         { "new", __gensalt_new },
         { "newsalt", __gensalt_new },
         { "md5", __gensalt_md5 },
         { "sha1", __gensalt_sha1 },
         { "blowfish", __gensalt_blowfish },
 #ifdef HAVE_ARGON2
         /* argon2 default to argon2id */
         { "argon2", __gensalt_argon2id},
         { "argon2id", __gensalt_argon2id},
         { "argon2i", __gensalt_argon2i},
         { "argon2d", __gensalt_argon2d},
 #endif /* HAVE_ARGON2 */
         { NULL, NULL }
 };
 
 If the configured salt method doesn't match anything, you get
 exactly the reported error.
 
 
 >Just to emphasize, this must have been changed by sysupdate when I went
 >from _RC3 to _RC5
 
 If the update changed such things, you must have either unpacked the
 etc.tgz set directly, or run etcupdate and accepted the corresponding
 (or all) changes.
 
 But again, the reported passwd.conf content doesn't produce that
 error. "argon2id", "old" and "sha1" are all known salt methods.
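
As an added example (not part of the original mail and not NetBSD's code), the name lookup described in the reply can be modelled as a checker that scans passwd.conf-style text for localcipher and ypcipher and reports values with no entry in the quoted table. The function names, the have_argon2 flag standing in for HAVE_ARGON2, and the treatment of text after a comma as an option are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Names copied from the salts[] table quoted in the reply. */
static const struct { const char *name; int needs_argon2; } known[] = {
    { "old", 0 }, { "new", 0 }, { "newsalt", 0 }, { "md5", 0 },
    { "sha1", 0 }, { "blowfish", 0 }, { "argon2", 1 },
    { "argon2id", 1 }, { "argon2i", 1 }, { "argon2d", 1 },
};

/* have_argon2 models the #ifdef HAVE_ARGON2 around the argon2 entries. */
int cipher_known(const char *name, int have_argon2)
{
    for (size_t i = 0; i < sizeof(known) / sizeof(known[0]); i++)
        if (strcmp(known[i].name, name) == 0)
            return have_argon2 || !known[i].needs_argon2;
    return 0;
}

/* Constructed samples: the two passwd.conf contents quoted in the thread. */
static const char NEW_CONF[] = "default:\n\tlocalcipher = argon2id\n\typcipher = old\n";
static const char OLD_CONF[] = "default:\n  localcipher = sha1\n  ypcipher = sha1\n";

/* Count localcipher/ypcipher values that match no table entry. */
int count_unknown(const char *conf, int have_argon2)
{
    int bad = 0;
    while (*conf != '\0') {
        char line[128] = "", key[32], val[64];
        size_t n = strcspn(conf, "\n");
        memcpy(line, conf, n < sizeof(line) - 1 ? n : sizeof(line) - 1);
        conf += n + (conf[n] == '\n');
        /* Assumption: text after a comma is an option, not part of the name. */
        if (sscanf(line, " %31[a-z] = %63[^, \t]", key, val) != 2)
            continue;
        if (strcmp(key, "localcipher") != 0 && strcmp(key, "ypcipher") != 0)
            continue;
        if (!cipher_known(val, have_argon2)) {
            printf("%s = %s: no matching salts[] entry\n", key, val);
            bad++;
        }
    }
    return bad;
}

int main(void)
{
    return count_unknown(NEW_CONF, 1) + count_unknown(OLD_CONF, 1);
}
```

With have_argon2 set, both quoted configurations pass, which matches the reply's point that "argon2id", "old" and "sha1" are all known salt methods.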
 
 
 

