[Bug 287134] Re: users-admin sets up maximum 8 character password
Hi Milan, This would be good to take upstream at minimum. Moving away from a binary MD5/3DES choice would be better. Moving to PAM would be better still, as you get this for free and there is no danger of it getting out of date again and causing a similar issue. Thanks, James -- users-admin sets up maximum 8 character password https://bugs.launchpad.net/bugs/287134 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to system-tools-backends in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 287134] Re: users-admin sets up maximum 8 character password
I don't really understand how it's working currently. Is Ubuntu using SHA? If so, is liboobs writing MD5 passwords to /etc/shadow? We should at least support SHA as well as MD5. I plan to make a release before Karmic so that a few bugfixes go into it. Do you think you could improve the patch before that? Using PAM is of course much cleaner and logical, but we need to find a way to send the clear password to the backends, and that won't be done before Karmic. An intermediate fix would be Kees's patch [1] to use chpasswd, but upstreaming it is difficult since we have to be sure chpasswd is present, or use the stb for that. So maybe it would be worth fixing the problem once for all using PAM, instead of spending time on temporary fixes. We have a ready-to-use perl code if we want to use PAM in the stb at [2]. But before that we need to send the clear password... 1: http://launchpadlibrarian.net/19941588/liboobs_2.22.0-1ubuntu1.debdiff (bug 51551) 2: http://nik.pelov.name/files/Authen/PAM/FAQ.html#2__can_i_change_a_password_non_interactively -- users-admin sets up maximum 8 character password https://bugs.launchpad.net/bugs/287134 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to system-tools-backends in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
Re: [Bug 287134] Re: users-admin sets up maximum 8 character password
On Wed, Sep 02, 2009 at 05:56:58PM -, Milan Bouchet-Valat wrote: I don't really understand how it's working currently. Is Ubuntu using SHA? If so, is liboobs writing MD5 passwords to /etc/shadow? The current patches in Ubuntu use chpasswd to determine the hashing (i.e. it is not something stb should have knowledge of). But, as you say, that requires a patched chpasswd, so it's totally unacceptable for upstreaming. :( -- users-admin sets up maximum 8 character password https://bugs.launchpad.net/bugs/287134 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to system-tools-backends in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
Re: [Bug 287134] Re: users-admin sets up maximum 8 character password
On Wed Sep 02 17:56:58 UTC 2009 Milan Bouchet-Valat wrote: I don't really understand how it's working currently. Is Ubuntu using SHA? If so, is liboobs writing MD5 passwords to /etc/shadow? That's what the patch in this bug does. Kees implemented a better solution for us which gave us encryption of the same strength as default. Writing MD5 is better than 3DES, but should still be avoided. We should at least support SHA as well as MD5. I plan to make a release before Karmic so that a few bugfixes go into it. Do you think you could improve the patch before that? Well, the patch is fine as far as it goes. The main thing to add would be SHA support. I would like to see the default be for the strongest that stb knows about, so that when the switch is made next time the unkown scheme translates to SHA512 being used, rather than 3DES again. Using PAM is of course much cleaner and logical, but we need to find a way to send the clear password to the backends, and that won't be done before Karmic. An intermediate fix would be Kees's patch [1] to use chpasswd, but upstreaming it is difficult since we have to be sure chpasswd is present, or use the stb for that. So maybe it would be worth fixing the problem once for all using PAM, instead of spending time on temporary fixes. I think that would be good, but as you say it's not straightforward. Creating the pipe and passing the password over isn't too much work. I think it will require changing the D-Bus interface though. Thanks, James -- users-admin sets up maximum 8 character password https://bugs.launchpad.net/bugs/287134 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to system-tools-backends in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 287134] Re: users-admin sets up maximum 8 character password
James, any news on that front? Should the fix go upstream? Should it be improved? -- users-admin sets up maximum 8 character password https://bugs.launchpad.net/bugs/287134 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to system-tools-backends in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs