Bug 3029

Summary: pam fails on empty passwords.
Product: [Retired] Red Hat Linux Reporter: Han-Wen Nienhuys <hanwen>
Component: pamAssignee: Cristian Gafton <gafton>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.0CC: bart.durinck, bgilbert, cg2v, goeran, pahe+redhat-bugzilla, tompermutt
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-02-05 20:16:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Han-Wen Nienhuys 1999-05-25 09:32:19 UTC 
PAM 0.66-18 does not allow empty password fields in
/etc/passwd (as installed out of the box) Logging
in does not work, and setting the password  also fails.
Comment 1 Dale Lovelace 1999-05-27 21:35:59 UTC 
*** Bug 3024 has been marked as a duplicate of this bug. ***

It is not possible to log in with a blank password.

This is problem if you forget the root password, boot
into single user mode and reset the password.

I do not use shadow passwords.

It seems as if the nullok option from pam_pwdb is ignored.
Comment 2 Benjamin Gilbert 1999-07-18 17:02:59 UTC 
Is there a workaround so that users with null passwords can at least log in?  Is this going to get fixed?
Comment 3 Göran Uddeborg 1999-07-27 11:17:59 UTC 
A workaround is to use shadow passwords.
Comment 4 Michael K. Johnson 1999-08-02 16:16:59 UTC 
*** Bug 4060 has been marked as a duplicate of this bug. ***

With shadowing turned off, setting a zero-length password
seems to corrupt the password data-base.  Whether I do it by
editing /etc/passwd, or using passwd as root, the user is
unable to log on.  Furthermore, even if root runs passwd
again to set a non-null password, that user remains hosed.

------- Additional Comments From johnsonm  07/30/99 17:10 -------
I cannot reproduce this.  Are you using NIS or some other form of
authentication besides /etc/passwd?  A non-root user cannot set a
null password with the passwd command; perhaps the old password is
still in force for you?

------- Additional Comments From johnsonm  08/02/99 12:14 -------
OK, 3029 does look like the same report...
Comment 5 bart.durinck 1999-08-04 23:15:59 UTC 
Same prob here.
The work-around of using shadow passwd is NOK if you have NIS and Sun
clients :-(
But now for the good news :-) I think I found a fix. It's in pwdb (not
pam) I'll submit it in a moment.
Thanks to <balajir.nec.com>, his "Re: cannot log in: 6.0
upgrade broke PAM / pwdb" in linux.redhat.install got me on the right
track.
Comment 6 Bill Nottingham 1999-10-19 16:13:59 UTC 
*** Bug 6085 has been marked as a duplicate of this bug. ***

If shadow passwords are not being used on a system, the
following things do not seem to work properly

1) logging in if you have an empty password. pam_pwdb
reports 'get passwd; pwdb: request not recognized' in syslog
2) changing  or deleting the password of an entity that
currently does not have a password (either an 'empty
password' or 'no password'). passwd reports success, but the
contents of /etc/passwd are not changed
Comment 7 Bill Nottingham 2000-02-05 20:16:59 UTC 
This should be fixed in the latest pam and pwdb packages in Raw Hide.