*BSD News Article 30481


Return to BSD News archive

Path: sserve!newshost.anu.edu.au!munnari.oz.au!bunyip.cc.uq.oz.au!harbinger.cc.monash.edu.au!yeshua.marcam.com!usc!howland.reston.ans.net!agate!asami
From: asami@cs.berkeley.edu (Satoshi ASAMI)
Newsgroups: comp.os.386bsd.questions
Subject: Re: [FreeBSD-1.1] New users password problems.
Date: 14 May 94 00:57:48
Organization: CS Div. - EECS, University of California, Berkeley, CA 94720
Lines: 29
Message-ID: <ASAMI.94May14005748@forgery.cs.berkeley.edu>
References: <Cpp3H5.D6n@oea.hacktic.nl> <2r180d$hp3@pdq.coe.montana.edu>
NNTP-Posting-Host: forgery.cs.berkeley.edu
In-reply-to: nate@cs.montana.edu's message of 13 May 1994 17:03:09 PST

In article <2r180d$hp3@pdq.coe.montana.edu>
        nate@cs.montana.edu (Nate Williams) writes:

 * In article <Cpp3H5.D6n@oea.hacktic.nl>,  <dan@oea.hacktic.nl> wrote:
 * >
 * >I installed FreeBSD-1.1 and added two new users using the dreaded vipw. I
 * >then used chpass to give one of them a passwd. Now I can login to the user
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

 * >account without a password but can not login to the one with a password. I
 * >also noticed that master.password contains the password in plain text form.
 * >Is this normal? Or is this due to a lack of crypt functionality?
 * 
 * This is bad.  Something is REALLY screwed up since FreeBSD doesn't have a
 * plain-text crypt function.  It's ALWAYS used some form of 'hiding' the plain
 * text password from the sys. ad.

I don't think there is anything wrong with the system.  Dan tried to
supply the password in the second field to chpass, which will store it
in plain text, of course.  And since that doesn't match the encrypted
form of itself, he can't log in to that account.

Dan, chpass is intended only when you have a passwd file entry that
you copied from another system, including an ENCRYPTED password entry.
The standard way to add a password to a user is to use vipw to edit
the passwd file, giving him "*" in the passwd entry, and then use
"passwd user" command AS ROOT to give him a password.

Satoshi