Bug 131338

Summary: /usr/bin/passwd locks while waiting for /bin/login to update an expired password
Product: Red Hat Enterprise Linux 3
Reporter: Creative Computing <support>
Component: pam
Assignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA
QA Contact: Jay Turner <jturner>
Severity: medium
Priority: medium
Version: 3.0
CC: srevivo, t8m
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2004-12-13 20:49:35 UTC

Description Creative Computing 2004-08-31 08:15:24 UTC
Description of problem:

When a user has an expired password and they log in (we are using
telnet but probably the same happens with other types of login)
it will force them to change their password; the first thing it does
is ask for their old password once again. If the user does nothing
(or worse, calls support when they see this) the file
/etc/.pwd.lock is locked and /usr/bin/passwd will hang (even for
root) so no one on the system is able to change any passwords until
this user can be found and booted.

Version-Release number of selected component (if applicable):

  pam-0.75-54
  util-linux-2.11y-31.1

How reproducible:

  consistent

Steps to Reproduce:
1. Enable login via telnet

2. Get a user and make their password expire
     # chage -M 10 crashdummy
     # chage -d 123 crashdummy

3. Log in as that user via telnet, stop as soon as you
   see "changing password for crashdummy"

4. Go to a root prompt and change any password
     # passwd whoever
  
Actual results:

   /usr/bin/passwd waits forever before prompting

Expected results:

   /usr/bin/passwd prompts for new password like normal

Additional info:

   I'm pretty sure the offending code is in /lib/security/pam_unix.so
   which should make sure it never holds a lock at the same time as
   waiting for user input. The lock should only be held while
   accessing the password files.
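
The two orderings described under "Additional info" (lock held across the prompt, versus lock taken only for the file update), as an added C example that is not pam_unix code and not part of the original report. It assumes an fcntl-style advisory lock, uses a constructed temp file in place of /etc/.pwd.lock, and the helper names set_lock, lock_holder and lock_held_during_prompt are hypothetical; lock_holder also shows how F_GETLK reports the PID that holds the lock.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Non-blocking whole-file fcntl lock; type is F_WRLCK or F_UNLCK. */
static int set_lock(int fd, short type) {
    struct flock fl = { .l_type = type, .l_whence = SEEK_SET };
    return fcntl(fd, F_SETLK, &fl);
}

/* PID holding a conflicting write lock on path; 0 if free, -1 on error. */
pid_t lock_holder(const char *path) {
    struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET };
    int fd = open(path, O_RDWR);
    if (fd < 0) return -1;
    int rc = fcntl(fd, F_GETLK, &fl);
    close(fd);  /* safe only because this process holds no lock on path */
    return rc < 0 ? -1 : (fl.l_type == F_UNLCK ? 0 : fl.l_pid);
}

/* Child plays the login session. lock_first=1: lock, then wait for input;
 * 0: wait, then lock. Returns 1 if held during the wait, 0 if not, -1 error. */
int lock_held_during_prompt(int lock_first) {
    char path[] = "/tmp/pwdlock-demoXXXXXX", c = 'x';  /* constructed stand-in */
    int ready[2], input[2], fd = mkstemp(path);
    pid_t child;
    if (fd < 0 || pipe(ready) < 0 || pipe(input) < 0 || (child = fork()) < 0)
        return -1;
    if (child == 0) {
        if (lock_first && set_lock(fd, F_WRLCK) < 0) _exit(1);
        if (write(ready[1], &c, 1) != 1) _exit(1);  /* prompt is on screen */
        if (read(input[0], &c, 1) != 1) _exit(1);   /* user has not answered */
        if (!lock_first && set_lock(fd, F_WRLCK) < 0) _exit(1);
        _exit(set_lock(fd, F_UNLCK) < 0);  /* file update would precede this */
    }
    close(fd); close(ready[1]);
    pid_t seen = read(ready[0], &c, 1) == 1 ? lock_holder(path) : -1;
    if (write(input[1], &c, 1) != 1) seen = -1;
    waitpid(child, NULL, 0);
    unlink(path); close(ready[0]); close(input[0]); close(input[1]);
    return seen < 0 ? -1 : seen == child;
}

int main(void) {
    printf("lock, then prompt: held=%d\n", lock_held_during_prompt(1));
    printf("prompt, then lock: held=%d\n", lock_held_during_prompt(0));
}
```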

Comment 1 Tomas Mraz 2004-09-08 10:51:31 UTC
Duplicate of bug 75454

Comment 2 Jay Turner 2004-11-27 13:28:06 UTC
Fix confirmed with pam-0.75-62.  Throwing into PROD_READY pending the
release of the errata.

Comment 3 John Flanagan 2004-12-13 20:49:35 UTC
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2004-575.html


Comment 4 John Flanagan 2004-12-21 19:29:19 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2004-551.html