diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 index e41dde542..97728045c 100755 --- a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 @@ -26,7 +26,10 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) # Sets field2 to "" if sudo -s fails to read /etc/shadow + + # 2022-09-21 #3368: Sets field2 to "" if sudo -n fails to read /etc/shadow + # 2022-10-18 #3404: Redirect stderr to /dev/null, to avoid Mint pop-up + field2=$(sudo -n grep "^$1:" /etc/shadow 2>/dev/null | cut -d: -f2) [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds diff --git a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 index aead6273a..9d18eece1 100755 --- a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 @@ -26,7 +26,10 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) # Sets field2 to "" if sudo -s fails to read /etc/shadow + + # 2022-09-21 #3368: Sets field2 to "" if sudo -n fails to read /etc/shadow + # 2022-10-18 #3404: Redirect stderr to /dev/null, to avoid Mint pop-up + field2=$(sudo -n grep "^$1:" /etc/shadow 2> /dev/null | cut -d: -f2) [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds