Red Hat Bugzilla – Full Text Bug Listing
|Summary:||Kerberos password change fails, but user is told that it succeeded|
|Product:||[Fedora] Fedora||Reporter:||Jason Tibbitts <tibbs>|
|Component:||pam_krb5||Assignee:||Nalin Dahyabhai <nalin>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:||Brian Brock <bbrock>|
|Fixed In Version:||2.2.11-1||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2007-02-08 11:19:12 EST||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Jason Tibbitts 2005-04-18 14:14:27 EDT
I'm runing stock FC3 with pam_krb5-2.1.2-1. My server is an FC2 machine running krb5-server-1.3.6-4. I'm seeing password changes via "passwd" appear to succeed with the message: passwd: all authentication tokens updated successfully. and the logged entry: passwd: pam_krb5: password changed for XXXX but the server logs errors like: kadmind(Notice): chpw request from XXXX for XXXX: Cannot reuse password kadmind(Notice): chpw request from XXXX for XXXX: Password is too short It seems the error is not being propagated back to the user. If I use a password that doesn't trigger the length or reuse errors, the change succeeds. I'll attach my /etc/pam.d/system-auth.
Comment 1 Jason Tibbitts 2005-04-18 14:14:27 EDT
Created attachment 113336 [details] /etc/pam.d/system-auth
Comment 2 Jason Tibbitts 2005-04-18 16:07:24 EDT
I built and installed pam_krb5-2.1.5-1; the problem is still present.
Comment 3 Jason Tibbitts 2005-04-19 12:39:39 EDT
I read over the pam_krb5 source and it looks like everything is done by calling krb5_change_password which is part of Kerberos, and the return , so I built and installd krb5 1.4-3 from Rawhide. The behavior still did not change. However, I note that using kpasswd works fine and properly reports errors.
Comment 4 Matthew Miller 2006-07-10 16:22:54 EDT
Fedora Core 3 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC5 updates or in the FC6 test release, reopen and change the version to match. Thank you!
Comment 5 Jason Tibbitts 2007-02-08 11:19:12 EST
I don't believe I can reproduce this with a modern release.