Project

General

Profile

Actions

Bug #3497

closed

The PASSWORDHASH metadata entry does not allow to use glibc-like SHA/MD hashes

Added by Matthieu CERDA over 11 years ago. Updated almost 10 years ago.

Status:
Released
Priority:
1 (highest)
Category:
Techniques
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

First, we should allow SHA-512 hashes.

Then, we should allow the use of GLIBC shadow compatible hashes, like for SHA-512:

$6$SALT$HASH

See http://serverfault.com/questions/259722/how-to-generate-a-etc-shadow-compatible-password-for-ubuntu-10-04

These hashes should be named:
  • shadow-md5 / shadow-sha-(level) in the metadata PASSWORDHASH
  • "MD5 / SHA-(level) (Shadow)"

Related issues 1 (0 open1 closed)

Related to Rudder - User story #3461: Update the userManagement Technique to update /etc/shadow directly (and use hashed passwords)ReleasedMatthieu CERDA2013-04-15Actions
Actions #1

Updated by François ARMAND over 11 years ago

  • Status changed from New to In progress

That seems to be a really cool use case !

Actions #2

Updated by François ARMAND over 11 years ago

For the ID, I'm going to take the Linux ones, so the names will be: "linux-shadow-md5" etc.

For the salt, I will go for a 8 char among the set [a-zA-Z0-9./]

Actions #3

Updated by François ARMAND over 11 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Nicolas CHARLES

Finally, used the implementation given in recent Apache Common-codec.
PR here: https://github.com/Normation/cf-clerk/pull/17

Actions #4

Updated by Nicolas CHARLES over 11 years ago

  • Status changed from Pending technical review to Pending release
Actions #5

Updated by Jonathan CLARKE over 11 years ago

  • Status changed from Pending release to Released
Actions #6

Updated by Benoît PECCATTE almost 10 years ago

  • Project changed from 24 to Rudder
  • Category changed from Techniques to Techniques
Actions

Also available in: Atom PDF