Project

General

Profile

Actions

Bug #3497

closed

The PASSWORDHASH metadata entry does not allow to use glibc-like SHA/MD hashes

Added by Matthieu CERDA over 11 years ago. Updated over 9 years ago.

Status:
Released
Priority:
1 (highest)
Category:
Techniques
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

First, we should allow SHA-512 hashes.

Then, we should allow the use of GLIBC shadow compatible hashes, like for SHA-512:

$6$SALT$HASH

See http://serverfault.com/questions/259722/how-to-generate-a-etc-shadow-compatible-password-for-ubuntu-10-04

These hashes should be named:
  • shadow-md5 / shadow-sha-(level) in the metadata PASSWORDHASH
  • "MD5 / SHA-(level) (Shadow)"

Related issues 1 (0 open1 closed)

Related to Rudder - User story #3461: Update the userManagement Technique to update /etc/shadow directly (and use hashed passwords)ReleasedMatthieu CERDA2013-04-15Actions
Actions

Also available in: Atom PDF