[svlug] Unencrypted passwords in shadow file
a at t.armory.com
Fri Mar 18 17:53:47 PST 2005
On Fri, Mar 18, 2005 at 06:42:09PM -0500, Skip Evans wrote:
> Hey all,
> I am working on a Fedora Core I server that is
> employing the /etc/shadow file for storing passwords.
> If I add a new user with:
> adduser -p passvalue -g 501 testaccount
> The following appears in /etc/shadow:
> As you can see, the password is not encrypted, and
> the user is unable to connect to check email, because
> the system is comparing, I assume, the encrypted
> value of what they entered with this unencrypted
> I can get the encrypted value into the /etc/shadow
> file by doing
> password testaccount
> ...and then entering the password as requested.
> Shouldn't the password be encrypted in the shadow
> file when adduser is executed?
In the useradd/adduser manual it says you're supposed to pass in the
The encrypted password, as returned by crypt(3). The default is
to disable the account.
More information about the svlug