Bug 191390

Summary: Line feeds when password needs changing with rlogin
Product: Red Hat Enterprise Linux 3 Reporter: Bastien Nocera <bnocera>
Component: rsh Assignee: Adam Tkac <atkac>
Status: CLOSED ERRATA QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0 CC: kzak, nalin, ovasik, sfolkwil, tao, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: RHBA-2007-0410 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-06-11 18:46:04 UTC Type: ---
Bug Blocks: 190430, 212183    

Description Bastien Nocera 2006-05-11 15:30:06 UTC
pam_passwdqc seems to have the same bug as rsh, in its conversation messages.

The reproducer steps are the same except that you need to have:
password    required      /lib/security/$ISA/pam_passwdqc.so min=disabled,disabled,disabled,8,8 max=22 passphrase=0 match=4 similar=deny retry=5 random=0

in your /etc/pam.d/system-auth

+++ This bug was initially created as a clone of Bug #178916 +++

1. Create a new user, and set the new user's password
2. Run chage to force the user's password to be updated (Maximum Password Age to
"1", and Last Password Change to 2 days before today)
3. Install rsh-server

4. chkconfig rlogin on
5. Try to rlogin to this machine as that user

$ rlogin -l testuser amd64
connect to address 172.16.10.230: Connection refused
Trying krb4 rlogin...
connect to address 172.16.10.230: Connection refused
trying normal rlogin (/usr/bin/rlogin)
Password:
You are required to change your password immediately (password aged)
                                                                   Changing
password for testuser
                (current) UNIX password:
<snip>

-- Additional comment from kzak on 2006-01-25 16:08 EST --
You're probably right. There's a private PAM_conversation() implementation in
rlogind and it's without "\n".

Comment 1 Tomas Mraz 2006-05-11 15:41:44 UTC
pam_passwdqc is a separate package but I don't believe this bug is there either.
The reason is that the 'You are required to change your password immediately
(password aged)' message is issued by pam_unix and the EOL character must be
added by the conversation function which is part of the rlogind.
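The point made in Comment 1, that the service's own conversation function has to terminate informational messages, shown as an added example (not rlogind's code and not part of the original report). The types and constants are stand-ins mirroring Linux-PAM's <security/pam_appl.h>; example_conv, conv_io and the caller-chosen line terminator are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins mirroring Linux-PAM's <security/pam_appl.h> so this builds
 * without libpam; a real service includes that header instead. */
enum { PAM_SUCCESS = 0, PAM_BUF_ERR = 5, PAM_CONV_ERR = 19 };
enum { PAM_PROMPT_ECHO_OFF = 1, PAM_PROMPT_ECHO_ON, PAM_ERROR_MSG, PAM_TEXT_INFO };
struct pam_message { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };

/* Hypothetical appdata: client streams plus the line terminator to emit. */
struct conv_io { FILE *in; FILE *out; const char *eol; };

/* Release a partially filled reply array and hand back the error code. */
static int fail(struct pam_response *r, int n, int rc) {
    for (int i = 0; i < n; i++) free(r[i].resp);
    free(r);
    return rc;
}

int example_conv(int n, const struct pam_message **msg,
                 struct pam_response **resp, void *appdata) {
    struct conv_io *io = appdata;
    char line[512];
    if (n <= 0 || !io) return PAM_CONV_ERR;
    struct pam_response *r = calloc((size_t)n, sizeof *r);
    if (!r) return PAM_BUF_ERR;
    for (int i = 0; i < n; i++) {
        int style = msg[i]->msg_style;
        if (style == PAM_TEXT_INFO || style == PAM_ERROR_MSG) {
            /* Per the thread: the end of line is the application's job. */
            fprintf(io->out, "%s%s", msg[i]->msg, io->eol);
        } else if (style == PAM_PROMPT_ECHO_OFF || style == PAM_PROMPT_ECHO_ON) {
            fputs(msg[i]->msg, io->out);      /* prompt stays on its line */
            fflush(io->out);
            if (!fgets(line, sizeof line, io->in)) return fail(r, n, PAM_CONV_ERR);
            line[strcspn(line, "\r\n")] = '\0';
            size_t len = strlen(line) + 1;
            if (!(r[i].resp = malloc(len))) return fail(r, n, PAM_BUF_ERR);
            memcpy(r[i].resp, line, len);     /* PAM frees the reply later */
        } else {
            return fail(r, n, PAM_CONV_ERR);  /* unknown message style */
        }
    }
    fflush(io->out);
    *resp = r;
    return PAM_SUCCESS;
}
```

Echo control for PAM_PROMPT_ECHO_OFF and scrubbing of the reply buffer are left out here; a real service needs both.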


Comment 2 Bastien Nocera 2006-05-11 15:51:05 UTC
Actually, it works with:
password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
in the system-auth file, but not with pam_passwdqc as explained above.

Comment 19 Red Hat Bugzilla 2007-06-11 18:46:04 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0410.html