-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
rhel-10.1
-
None
-
None
-
Low
-
rhel-idm-zta
-
None
-
False
-
False
-
-
None
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
None
What were you trying to do that didn't work?
`chpasswd` changes a user's password normally when SHA_CRYPT_MAX_ROUNDS is commented out.
For whatever integer is specified in SHA_CRYPT_MAX_ROUNDS, `chpasswd` does not honour the value.
What is the impact of this issue to you?
`chpasswd` taking very long time to calculate a password hash
Please provide the package NVR for which the bug is seen:
shadow-utils-4.15.0-5.el10.x86_64
How reproducible is this bug?:
Steps to reproduce
# cat /etc/login.defs | grep SHA ENCRYPT_METHOD SHA512 #SHA_CRYPT_MAX_ROUNDS 65535 <<<<<===== commented out # echo 'jane:password' | chpasswd ; <<<<<===== returns immediately # grep jane /etc/shadow jane:$6$zw0kufmCERVVev4p<...>:20504:0:99999:7::: --- # cat /etc/login.defs | grep SHA ENCRYPT_METHOD SHA512 SHA_CRYPT_MAX_ROUNDS 65535 <<<<<===== This integer value does not matter. # echo 'jane:password' | chpasswd ; <<<<<===== taking very long time # grep jane /etc/shadow jane:$6$rounds=657873445$p4CG4yGnsGg6SV8<...>:20504:0:99999:7::: ^^^^^^^^^^^^^^^^^
Expected results
chpasswd honours the SHA_CRYPT_MAX_ROUNDS value, and produce a password hash within reasonable time.
Actual results
chpasswd does not honour the SHA_CRYPT_MAX_ROUNDS value, and taking too much time when changing password.