I found an interesting issue with kuser v1.0 today.  It looks like kuser
will not generate MD5 passwords, but only the old style crypt
passwords.  I found this issue when trying kuser for the first time
and making a new user account, and the user found only the first eight
characters of his password were valid when doing a test login.  I
checked out the man page for crypt(3) and found the GNU extension to the
crypt library allows making MD5 versions of passwords if the salt that
is given is preceded by the characters $1$, so it appears that this may
be easy to fix for GNU systems?  Anyone else run into this issue
before?  I'm a little bit concerned because MD5 passwords have been
hyped up lately, and here is an easy-to-use administration tool, in
Linux-Mandrake, that doesn't make use of built-in system security.

For anyone that wants to make sure their Linux-Mandrake system is making
MD5 passwords, take a look at the encrypted password field in
/etc/shadow (as the root user) and see if the first three characters
start with "$1$".  Also, I believe the MD5 passwords are 34 characters
long in /etc/shadow, where the old-style crypt passwords are 13
characters long in /etc/shadow.
-- 
[EMAIL PROTECTED]
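
The /etc/shadow check described in the message above, as an added example that is not part of the original post: it classifies each password field as old-style crypt (13 characters) or MD5 ("$1$" prefix) and lists the accounts still on the old scheme. The function names and the sample lines are constructed for illustration; it also goes slightly beyond the post by recognising locked, empty and other "$id$" fields.

```python
import re

# Character set used in crypt(3) salts and hashes.
_B64 = r"[./0-9A-Za-z]"
# Old-style crypt: 2-character salt + 11-character hash = 13 characters.
DES_RE = re.compile(rf"^{_B64}{{13}}$")
# MD5: "$1$" + salt of up to 8 characters + "$" + 22-character hash
# (34 characters in total when the salt is the full 8 characters).
MD5_RE = re.compile(rf"^\$1\$[^$]{{0,8}}\${_B64}{{22}}$")

def classify(field):
    """Return the scheme name for one /etc/shadow password field."""
    if field == "":
        return "empty"
    if field[0] in "!*":
        return "locked"            # login disabled, whatever follows
    if MD5_RE.match(field):
        return "md5"
    if DES_RE.match(field):
        return "des"               # only the first 8 password characters count
    if field.startswith("$"):
        return "other-modular"     # some other $id$ scheme, not examined here
    return "unknown"

def audit(lines):
    """Map account name -> scheme for shadow-format lines."""
    result = {}
    for line in lines:
        line = line.rstrip("\n")
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) >= 2:
            result[parts[0]] = classify(parts[1])
    return result

def legacy_accounts(lines):
    """Accounts whose password is still stored as old-style crypt."""
    return sorted(user for user, scheme in audit(lines).items() if scheme == "des")

# Constructed sample lines (placeholder hashes, not real passwords).
SAMPLE = [
    "root:$1$abcdefgh$ABCDEFGHIJKLMNOPQRSTUV:10950:0:99999:7:::",
    "newuser:abCDEFGHIJKLM:10950:0:99999:7:::",
    "daemon:*:10950:0:99999:7:::",
    "guest::10950:0:99999:7:::",
]

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE).items():
        print(f"{user}: {scheme}")
```

To audit a live system, run it as root and pass `open("/etc/shadow")` to `legacy_accounts` instead of `SAMPLE`.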