Hello,
working on su/login in ubase, I removed my /etc/shadow-file with
"pwunconv" and noticed that slock didn't work any more.
It turned out to be an invalid check in slock for shadow-passwords,
which, after correcting it, turned out to solve the problem instantly.
I don't know who got the idea to check the length of the hash, given a
shadow-password is easy to identify with 'x','\0'.
My patch is attached; I'd be glad to see it applied for all people who
know that shadow-passwords only give a false sense of security.
Cheers
FRIGN
--
FRIGN <dev_AT_frign.de>
Received on Tue Jun 03 2014 - 19:28:37 CEST