md5 password encryption not working in libpam-unix2
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libpam-unix2 (Ubuntu) | New | Undecided | Unassigned |
Bug Description
Binary package hint: libpam-unix2
Distribution version: Ubuntu 8.10
Package: libpam-unix2, version 2.5.0-2
Dependencies: libc6 2.8~20080505-
The MD5 encryption in libpam-unix2 is not working; it always falls back to standard crypt, therefore truncating passwords at 8 characters. In Ubuntu 8.04 LTS this was working fine (libpam-unix2 was version 2.1-4). It looks like this bug was introduced with libpam-unix2 version 2.5 (see in the changelog: "Use crypt_gensalt_r instead of crypt_gensalt_rn"). Tracing the behaviour of the module by adding debug output to the source code shows that it does indeed choose MD5 encryption, but the salt generation function make_crypt_salt() makes a standard crypt salt instead of an MD5 one (i.e., $1$......), as crypt_gensalt_r() is not available (configure outputs "checking for xcrypt_gensalt_r... no"). It seems that crypt_gensalt_r() was introduced with libxcrypt version 3.
Possible solution: replacing crypt_gensalt_r() with crypt_gensalt_rn() in the source code (src/unix_passwd.c) seems to solve the problem.
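For administrators checking which accounts had their password set while the fallback was in effect, the following added example (not part of the bug report or of libpam-unix2) classifies the hash field of shadow-format entries and lists the accounts stored with a traditional crypt hash, the scheme that truncates at 8 characters. It goes beyond the MD5 case in the report by also recognising other modular crypt prefixes; the function names and the sample entries are constructed for illustration.

```python
import re

# Traditional DES crypt: 2 salt chars + 11 hash chars from the crypt alphabet.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

# Modular crypt format identifiers: "$<id>$..." (the report expects "$1$").
MCF_PREFIXES = {
    "1": "md5",
    "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "5": "sha256",
    "6": "sha512",
    "y": "yescrypt",
}

def classify_hash(field):
    """Return the scheme name for the password field of a shadow entry."""
    if field == "":
        return "empty"
    # A leading '!' or '*' marks a locked account; a hash may follow '!'.
    stripped = field.lstrip("!*")
    if stripped == "":
        return "locked"
    if stripped.startswith("$"):
        parts = stripped.split("$")  # "$1$salt$hash" -> ["", "1", "salt", "hash"]
        return MCF_PREFIXES.get(parts[1], "unknown") if len(parts) >= 4 else "unknown"
    return "des" if DES_RE.match(stripped) else "unknown"

def find_truncating_accounts(shadow_text):
    """List users whose stored hash is traditional crypt (8-char truncation)."""
    flagged = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or line.startswith("#"):
            continue
        if classify_hash(fields[1]) == "des":
            flagged.append(fields[0])
    return flagged

# Constructed sample entries (not real hashes).
SAMPLE_SHADOW = """\
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:14200:0:99999:7:::
alice:abCONSTRUCTED:14200:0:99999:7:::
bob:$1$CONSTRUC$CONSTRUCTEDHASHVALUE00:14200:0:99999:7:::
carol:!abCONSTRUCTED:14200:0:99999:7:::
daemon:*:14200:0:99999:7:::
"""

if __name__ == "__main__":
    for user in find_truncating_accounts(SAMPLE_SHADOW):
        print(f"{user}: traditional crypt hash, password must be reset after the fix")
```

Accounts flagged this way keep the truncated hash until the password is changed again with a fixed module, so a reset is needed after patching.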