In last stable sys-apps/shadow(did not check other versions, possibly they are affected too) /usr/sbin/newusers does not add encrypted passwords for users in /etc/shadow. For example: echo 'test:VeryDifficultPassword111:1000:100::/home/test:/sbin/nologin' | newusers gave such result: /etc/passwd: test:x:1000:100::/home/test:/sbin/nologin /etc/shadow: test:!:15696:0:99999:7::: Note the '!' sign in password field. I would wait something like this: test:$6$0rRjlaMO$WLrbLqDWHTh7NfnrqaZ4zQ/1S921Fkw3oDci7isoRMeipcGaclKvqTlWb3xKXNMQx6xAQEgcMSu52ijbU.8AG/:15696:0:99999:7::: Latest string is generated through chpasswd, which seems to work OK. Probably this can be related to bug on Arch Linux bugzilla(see URL field).
Little note: using chpasswd pam file for newusers(just replacing it) "fix" this issue. So, it's probably pam-related bug, i think
You're right. Security, please advise.
shadow-4.1.5.1 has been in the tree for a while now. time to stabilize it.
(In reply to comment #3) > shadow-4.1.5.1 has been in the tree for a while now. time to stabilize it. Unfortunately this will not help, cause this versions contains the same pam file as 4.1.3.1. It seems that all versions in tree are affected. Probably this should be reported upstream(if it is not done yet)
(In reply to comment #4) > Probably this should be reported upstream(if it is not done yet) Forget my previous sentence - problem is in pam file(${FILESDIR}"/pam.d-include/shadow), supplied in portage, not in upstream one
This is fixed in 4.1.5.1-r1, sorry I did forget to commit it the other day.
4.1.5.1-r1 went stable, closing this as FIXED