newusers, liboobs uses crypt instead of md5, intrepid installer doesn't use sha512

Bug #51551 reported by Daniel Robitaille
Affects                       Status        Importance  Assigned to  Milestone
liboobs (Ubuntu)              Fix Released  Medium      Kees Cook
migration-assistant (Ubuntu)  Fix Released  Medium      Unassigned
shadow (Ubuntu)               Fix Released  Medium      Kees Cook
user-setup (Ubuntu)           Fix Released  Medium      Evan

Bug Description

Binary package hint: passwd

initially sent to the ubuntu-users mailing list when reported by the user using reportbug

---------- Forwarded message ----------
From: "Dr. Markus Waldeck" <email address hidden>
To: Ubuntu Bug Tracking System <email address hidden>
Date: Sat, 01 Jul 2006 08:24:34 -0400
Subject: passwd: newusers uses crypt instead of md5
Package: passwd
Version: 1:4.0.3-30.7ubuntu16
Severity: normal

MD5 passwords are activated via pam

/etc/pam.d/common-password:
password required pam_unix.so nullok obscure min=4 max=8 md5

If I use newusers to generate them they will receive a "crypt"ed password!

I could not figure out why debconf claims: passwd/md5: false

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.11-1-686-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages passwd depends on:
ii libc6 2.3.5-1ubuntu8 GNU C Library: Shared libraries an
ii libpam-modules 0.76-22 Pluggable Authentication Modules f
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii login 1:4.0.3-30.7ubuntu16 System login tools

-- debconf information:
 passwd/password-mismatch:
 passwd/root-password-crypted: false
* passwd/username: waldeck
 passwd/password-empty:
* passwd/make-user: true
 passwd/md5: false
 passwd/title:
 passwd/root-password-empty:
 passwd/user-password-crypted: false
* passwd/shadow: true
 passwd/username-bad:
* passwd/user-fullname: mw

Revision history for this message
Xeno Campanoli (xeno) wrote :

I confirm that I just demonstrated this behavior exists on my Feisty install on my laptop. I made a user ubu3, and its password in shadow does NOT begin with $1$.

Revision history for this message
Xeno Campanoli (xeno) wrote :

I used this input file:

root@radioflyer:/home/xeno/shop/ubtest# cat newusers
ubu3::::Ubuntu Test User 3:/home/ubu3:/bin/bash
---snip---
newusers newusers
and I got the following password line which clearly doesn't have a hash beginning with $1$:
ubu3:8xhfvFsxMIXh2:13671:0:99999:7:::
---snip---
xc

Changed in shadow:
status: Unconfirmed → Confirmed
Revision history for this message
Xeno Campanoli (xeno) wrote :

I guess I could mention that I got the comment about $1$ from the shadow man page. The newusers man page describes the input file as being just like a passwd file entry with a few things left out, but all the columns there. That's probably all that's needed to repro this from the interface viewpoint. pam.d does have a newusers entry on my system:

root@radioflyer:/etc/pam.d# cat newusers
# The PAM configuration file for the Shadow 'newusers' service
#

# This allows root to add users with a batch file without being
# prompted for a password
auth sufficient pam_rootok.so

# checks for account validity
account required pam_permit.so
---snip---

Revision history for this message
Colin Watson (cjwatson) wrote :

Mm, yes. From the code, it looks like simply nobody ever implemented MD5 hashes in newusers.

Changed in shadow:
importance: Undecided → Medium
Revision history for this message
Colin Watson (cjwatson) wrote :

Or, at least, it only works if PAM is compiled out and MD5_CRYPT_ENAB=yes in /etc/login.defs. It doesn't look like it's implemented in the PAM case.

Revision history for this message
Nicolas François (nekral-lists) wrote :

The debian 4.1.0-1 version fixed this (MD5_CRYPT_ENAB can be set to yes).

Note that the preferred solution would be to define ENCRYPT_METHOD to MD5.
(ENCRYPT_METHOD was introduced in 4.1.0 to allow new password encryption methods).

Revision history for this message
Kees Cook (kees) wrote :

I'd like to set ENCRYPT_METHOD to SHA512 by default to match the changes made in PAM for Intrepid. Additionally, this will require that ubiquity not call "chpasswd" with the "-m" flag, which overrides the /etc/login.defs setting. (This may need to change in d-i as well?)

Revision history for this message
Kees Cook (kees) wrote :

./d-i/source/migration-assistant/ma-script-utils: $chroot $ROOT chpasswd -m <<EOF
./d-i/source/user-setup/user-setup-apply: $chroot $ROOT chpasswd $OPTS <<EOF

(In the latter case, the OPTS can be blank, '-e' does the right thing)
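An added audit example, not code from the bug report or from any of the packages named here: a POSIX sh script that reads ENCRYPT_METHOD from a login.defs file and lists shadow entries whose hash prefix shows they were produced with a different (usually older) method, which is exactly how DES or MD5 hashes linger when a tool such as newusers or "chpasswd -m" bypasses the configured default. Both sample files are constructed; only the ubu3 line is taken from the report above.

```shell
#!/bin/sh
# Constructed audit example (not from the bug report or its packages): classify
# shadow hashes by crypt prefix and compare them with ENCRYPT_METHOD, so entries
# written by a tool that ignored login.defs stand out.

# Return the crypt method that produced a shadow hash field.
hash_method() {
    case "$1" in
        '$6$'*)      echo sha512 ;;
        '$5$'*)      echo sha256 ;;
        '$1$'*)      echo md5 ;;
        '')          echo empty ;;     # no password at all
        '!'*|'*'*)   echo locked ;;    # password login disabled
        '$'*)        echo unknown ;;
        *)           echo des ;;       # 13-char traditional crypt(3), as for ubu3
    esac
}

# Read ENCRYPT_METHOD (lower-cased) from a login.defs file; fall back to des,
# which is what shadow used when nothing else was configured.
configured_method() {
    awk '$1 == "ENCRYPT_METHOD" { m = tolower($2) }
         END { print (m == "" ? "des" : m) }' "$1"
}

# Print "user method" for every unlocked entry in shadow file $1 whose hash
# was not produced with method $2.
find_mismatches() {
    while IFS=: read -r user hash _rest; do
        m=$(hash_method "$hash")
        [ "$m" = locked ] && continue
        [ "$m" = "$2" ] || printf '%s %s\n' "$user" "$m"
    done < "$1"
}

# Constructed sample files; the ubu3 line is the one quoted in the report.
AUDIT_DIR=$(mktemp -d)
LOGIN_DEFS_SAMPLE="$AUDIT_DIR/login.defs"
SHADOW_SAMPLE="$AUDIT_DIR/shadow"
printf '%s\n' '# constructed excerpt' 'MD5_CRYPT_ENAB no' 'ENCRYPT_METHOD SHA512' > "$LOGIN_DEFS_SAMPLE"
cat > "$SHADOW_SAMPLE" <<'EOF'
root:$6$saltsalt$constructedhashvalue:14200:0:99999:7:::
ubu3:8xhfvFsxMIXh2:13671:0:99999:7:::
olduser:$1$saltsalt$constructedhash:14000:0:99999:7:::
daemon:*:14200:0:99999:7:::
EOF
METHOD=$(configured_method "$LOGIN_DEFS_SAMPLE")
find_mismatches "$SHADOW_SAMPLE" "$METHOD"   # prints: ubu3 des / olduser md5
```

On a real system the same functions apply to /etc/login.defs and /etc/shadow (read as root); an empty result means every active account already uses the configured method.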

Changed in ubiquity:
status: New → Triaged
Changed in shadow:
status: Confirmed → Triaged
Changed in ubiquity:
importance: Undecided → Medium
Colin Watson (cjwatson)
Changed in migration-assistant:
importance: Undecided → Medium
status: New → Triaged
Kees Cook (kees)
Changed in liboobs:
status: New → Triaged
Revision history for this message
Kees Cook (kees) wrote :

Yet-Another-Password-Writing-Implementation found in liboobs/system-tools-backends. *sigh* see bug 287134.

Changed in liboobs:
importance: Undecided → Medium
Evan (ev)
Changed in migration-assistant:
status: Triaged → Fix Committed
Changed in user-setup:
status: Triaged → Fix Released
status: Fix Released → Fix Committed
Kees Cook (kees)
Changed in liboobs:
assignee: nobody → james-w
Changed in shadow:
assignee: nobody → kees
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package shadow - 1:4.1.1-5ubuntu2

---------------
shadow (1:4.1.1-5ubuntu2) jaunty; urgency=low

  * debian/login.defs: use SHA512 by default for password crypt routine
    (LP: #51551, currently Ubuntu specific).
  * debian/patches/stdout-encrypted-password.patch: allow chpasswd to report
    encrypted passwords to stdout for tools needing encrypted passwords
    (debian bug 505640).
  * debian/rules: regenerate autoconf to avoid libtool-caused FTBFS.

 -- Kees Cook <email address hidden> Thu, 13 Nov 2008 16:43:48 -0800

Changed in shadow:
status: Triaged → Fix Released
Revision history for this message
Kees Cook (kees) wrote :

James, okay, you should be set to patch liboobs to use "chpasswd -S" to get an encrypted password (instead of doing it itself).

Kees Cook (kees)
Changed in liboobs:
milestone: none → jaunty-alpha-2
Changed in user-setup:
assignee: nobody → evand
Changed in migration-assistant:
assignee: nobody → evand
milestone: none → jaunty-alpha-2
Changed in shadow:
milestone: none → jaunty-alpha-1
Changed in user-setup:
milestone: none → jaunty-alpha-2
Revision history for this message
Kees Cook (kees) wrote :

Attached is my proposal. I've tested it and it seems to work just fine.

Changed in liboobs:
assignee: james-w → kees
status: Triaged → Fix Committed
Revision history for this message
Kees Cook (kees) wrote :

Erk, updated to catch control.in too.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package liboobs - 2.22.0-1ubuntu1

---------------
liboobs (2.22.0-1ubuntu1) jaunty; urgency=low

  * Use the passwd package to do password hashing instead of re-inventing
    the wheel (LP: #51551).
    - Add debian/patches/use-chpasswd.patch.
    - debian/control: add versioned Depend on passwd with "chpasswd -S".

 -- Kees Cook <email address hidden> Tue, 25 Nov 2008 09:51:52 -0800

Changed in liboobs:
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package user-setup - 1.23ubuntu1

---------------
user-setup (1.23ubuntu1) jaunty; urgency=low

  [ Evan Dandrea ]
  * Do not force chpasswd to md5 crypted passwords (LP: #51551).

  [ Colin Watson ]
  * Resynchronise with Debian. Remaining changes:
    - Add the initial user to the adm, dip, lpadmin, and sambashare
      groups too, and to the admin group if no root password is set. Do not
      add them to the audio, video, floppy, dip, netdev, or powerdev groups.
    - Allow the admin group to gain root privileges using sudo.
    - Default passwd/root-login to false.
    - Create the spu group on powerpc/ps3 and powerpc/cell.
    - Make is_system_user always return false if OVERRIDE_SYSTEM_USER is
      set.
    - Add preseedable passwd/auto-login question; if set to true, configure
      gdm and kdm for automatic login.
    - Ask whether the user wants to set up an encrypted private directory.
    - If passwd/allow-password-empty is preseeded to true, allow empty
      passwords.

user-setup (1.23) unstable; urgency=low

  [ Updated translations ]
  * Belarusian (be.po) by Pavel Piatruk
  * Bosnian (bs.po) by Armin Besirovic
  * Danish (da.po)
  * Croatian (hr.po) by Josip Rodin
  * Latvian (lv.po) by Peteris Krisjanis
  * Macedonian (mk.po) by Arangel Angov
  * Serbian (sr.po) by Veselin Mijušković

user-setup (1.22) unstable; urgency=low

  [ Jérémy Bobbio ]
  * Source confmodule in pre-pkgsel.d/10kdesudo.
  * As cdebconf is now fixed, on errors in root password, return to root
    password dialog (and not the one before it).
    Depends: cdebconf-udeb (>= 0.133)

  [ Updated translations ]
  * Arabic (ar.po) by Ossama M. Khayat
  * French (fr.po) by Christian Perrier
  * Kurdish (ku.po) by Erdal Ronahi
  * Portuguese (Brazil) (pt_BR.po) by Felipe Augusto van de Wiel (faw)
  * Turkish (tr.po) by Mert Dirik

user-setup (1.21) unstable; urgency=low

  [ Frans Pop ]
  * user-setup-apply: avoid locale errors from perl when used in D-I.
  * Add pre-pkgsel hook script to setup kdesudo for KDE desktop installs
    without root account (#485655). Thanks to Didier Raboud for bringing up
    the subject and suggesting the solution.

  [ Colin Watson ]
  * Don't exit user-setup-apply if update-gconf-defaults fails.

  [ Updated translations ]
  * Basque (eu.po) by Iñaki Larrañaga Murgoitio
  * Finnish (fi.po) by Esko Arajärvi
  * Italian (it.po) by Milo Casagrande
  * Turkish (tr.po) by Mert Dirik
  * Simplified Chinese (zh_CN.po) by Kov Chai

 -- Colin Watson <email address hidden> Thu, 27 Nov 2008 18:32:51 +0000

Changed in user-setup:
status: Fix Committed → Fix Released
Evan (ev)
Changed in migration-assistant (Ubuntu):
assignee: Evan Dandrea (ev) → nobody
status: Fix Committed → Fix Released