COMMAND

    useradd (shadow-980724)

SYSTEMS AFFECTED

    SuSE Linux 6.1

PROBLEM

    Emils Klotins found the following. The 'useradd' command has an
    option '-p password' for specifying the password of the newly
    added user. (This option, by the way, does not appear anywhere in
    the useradd man page.) If you specify this option along with a
    password, the password will be stored in /etc/shadow, but in
    cleartext, creating 2 problems:

        1.  The password is stored in cleartext
        2.  It of course does not work, for upon login an encrypted
            version of the password is expected to be in /etc/shadow.

SOLUTION

    Specifying a password on the command line can be considered quite
    dangerous; however, if the option is there, it should either work
    correctly or not be there. Anyway, skip that and use the standard
    procedure. The obvious answer is that the password supplied as
    an argument to -p is the encrypted password, generated by any of
    the mkpasswd utilities.

    It's odd that it's not mentioned in the man page, but it was
    added to the man page in version 19990307. SuSE needs to update
    their package. The current version is 19990607, available at

        ftp://piast.t19.ds.pwr.wroc.pl/pub/linux/shadow/
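
    An audit for the failure described under PROBLEM, as an added
    example that is not part of the original advisory or of the shadow
    package: it lists accounts whose /etc/shadow password field is
    neither empty, a lock marker, nor shaped like a crypt(3) hash. The
    function names and the sample entries are constructed for
    illustration.

```shell
#!/bin/sh
# Added example: find shadow entries whose password field was stored as typed
# (e.g. by "useradd -p" given a plaintext password) instead of as a crypt(3) hash.

# Reads shadow-format lines on stdin and prints one login name per suspect entry.
audit_shadow() {
    awk -F: '
        # Skip comments and lines that have no password field at all.
        NF < 2 || /^#/ { next }
        {
            pw = $2
            # An empty field or a lock marker (leading "!" or "*") is not cleartext.
            if (pw == "" || pw ~ /^[!*]/) next
            # Traditional DES crypt: exactly 13 characters from [./0-9A-Za-z].
            if (length(pw) == 13 && pw ~ "^[./0-9A-Za-z]+$") next
            # Modular crypt format: $id$salt$hash, for example $1$ for MD5.
            if (pw ~ "^[$][0-9A-Za-z-]+[$][./0-9A-Za-z$=,-]+$") next
            print $1
        }
    '
}

# Constructed sample data in /etc/shadow layout (not real accounts or hashes).
sample_shadow() {
    cat <<'EOF'
root:$1$abcdefgh$0123456789abcdefghijkl:10700:0:99999:7:::
daemon:*:10700:0:99999:7:::
alice:Xy9/kQ2mZ.pL4:10700:0:99999:7:::
bob:hunter2:10700:0:99999:7:::
carol:!:10700:0:99999:7:::
dave::10700:0:99999:7:::
eve:S3cret!pass:10700:0:99999:7:::
EOF
}

# Demo run on the constructed data; on a live system, as root:
#   audit_shadow < /etc/shadow
sample_shadow | audit_shadow
```

    The check is structural only: a plaintext password that happens to
    be 13 characters from the DES alphabet passes unnoticed, so treat
    an empty result as "nothing obviously wrong", not as proof.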