chpasswd -S does not operate according to documented behaviour

Bug #1045786 reported by James Dingwall on 2012-09-04
This bug affects 5 people
Affects Status Importance Assigned to Milestone
shadow (Ubuntu)

Bug Description

# lsb_release -rd
Description: Ubuntu 12.04.1 LTS
Release: 12.04

# apt-cache policy passwd
  Installed: 1:
  Candidate: 1:
  Version table:
 *** 1: 0
        500 precise/main amd64 Packages
        100 /var/lib/dpkg/status

According to the chpasswd(8) man page this should be the behaviour of chpasswd with the -S option.
       -S, --stdout
           Report encrypted passwords to stdout instead of updating password

However in this version of the package with -S or --stdout the encrypted password is not echoed to the console and the password file is updated.

Test case:
# grep ^user /etc/shadow ; echo user:newpass | chpasswd -S ; grep ^user /etc/shadow

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in shadow (Ubuntu):
status: New → Confirmed
Matt Day (fjarlq) wrote :

I looked into this briefly, and I think I've spotted the problem.

In the `shadow` package, version, the `debian/patches/495_stdout-encrypted-password` patch does not cause the call to `do_pam_passwd_non_interractive()` to be avoided when the -S option has been given, indicating `use_stdout = TRUE`.

I am not familiar with this code at all, but I looked into `do_pam_passwd_non_interractive()` (`shadow` package file `libmisc/pam_pass_non_interractive.c`) and it only seems to be doing PAM updating stuff that shouldn't be happening when -S has been specified.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers