Bug 50356

Summary: Failed changing password at login induced by pw expiration
Product: [Retired] Red Hat Linux
Reporter: ccapelik
Component: pam
Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED DUPLICATE
QA Contact: Aaron Brown <abrown>
Severity: medium
Priority: medium
Version: 7.1
CC: nmurray
Hardware: i686
OS: Linux
Doc Type: Bug Fix
Last Closed: 2001-07-30 18:47:49 UTC

Description ccapelik 2001-07-30 18:47:45 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.3-12smp i686)

Description of problem:
Scenario:

Root created new user "chiptest" via useradd.
Root created this user's passwd.
Root used chage to cause it to expire.
Allow user to login with given pw and system forces change password.
No matter what new pw user chooses, login/pam fails to allow change.
Note: I used mkpasswd to generate a random pw in the examples below.
Root re-enables chage to not cause user's pw to be expired.
User logs in ok.
User runs passwd to change pw successfully.

Problem seems repeatable.

--
The problem:

showme<ccapelik>64$ telnet localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

Red Hat Linux release 7.1 (Seawolf)
Kernel 2.4.3-12smp on an i686
login: chiptest
Password:
You are required to change your password immediately (password aged)
Changing password for chiptest
(current) UNIX password:
New UNIX password:
BAD PASSWORD: is too simple
New UNIX password:
BAD PASSWORD: is too simple
New UNIX password:
BAD PASSWORD: is too simple

Authentication token manipulation error
Connection closed by foreign host.

--
Although this works for the same user:

[chiptest@showme chiptest]$ passwd
Changing password for chiptest
(current) UNIX password:
New UNIX password:
BAD PASSWORD: it is based on your username
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully

[chiptest@showme chiptest]$ passwd
Changing password for chiptest
(current) UNIX password:
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully
[chiptest@showme chiptest]$

--
Some messages:

+ egrep -i auth /var/log/messages
Jul 30 08:47:27 showme login(pam_unix)[31437]: authentication failure; logname= uid=0 euid=0 tty=pts/14 ruser= rhost=localhost  user=chiptest
Jul 30 08:47:29 showme login[31437]: Authentication token manipulation error
Jul 30 08:47:33 showme login(pam_unix)[31440]: authentication failure; logname= uid=0 euid=0 tty=pts/14 ruser= rhost=localhost
Jul 30 08:47:35 showme login[31440]: FAILED LOGIN 1 FROM localhost FOR chip, Authentication failure
Jul 30 08:47:38 showme login(pam_unix)[31440]: authentication failure; logname= uid=0 euid=0 tty=pts/14 ruser= rhost=localhost
Jul 30 08:47:40 showme login[31440]: FAILED LOGIN 2 FROM localhost FOR est, Authentication failure
Jul 30 08:48:05 showme login[31440]: Authentication token manipulation error
Jul 30 08:48:45 showme login[31443]: Authentication token manipulation error
Jul 30 08:49:30 showme login[31446]: Authentication token manipulation error
Jul 30 08:51:19 showme login(pam_unix)[31467]: authentication failure; logname= uid=0 euid=0 tty=pts/14 ruser= rhost=localhost  user=chiptest
Jul 30 08:51:21 showme login[31467]: FAILED LOGIN 1 FROM localhost FOR chiptest, Authentication failure
Jul 30 08:51:53 showme login[31467]: Authentication token manipulation error
Jul 30 08:52:40 showme login[31479]: Authentication token manipulation error
Jul 30 08:57:57 showme login[32650]: Authentication token manipulation error
Jul 30 09:00:29 showme login[32665]: Authentication token manipulation error

How reproducible:
Always

Steps to Reproduce:
Scenario:

Root created new user "chiptest" via useradd.
Root created this user's passwd.
Root used chage to cause it to expire.
Allow user to login with given pw and system forces change password.
No matter what new pw user chooses, login/pam fails to allow change.
Note: I used mkpasswd to generate a random pw in the examples below.
Root re-enables chage to not cause user's pw to be expired.
User logs in ok.
User runs passwd to change pw successfully.

Actual Results:  User cannot change an expired password during login
whereas user can successfully issue the passwd to do so.

Expected Results:  User should be able to change expired pw during login.

Additional info:

Comment 1 Nalin Dahyabhai 2001-09-13 19:50:07 UTC
This looks like a duplicate of #49613.

*** This bug has been marked as a duplicate of 49613 ***
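
An added example, not part of the original report or of PAM: a small Python triage of login records in the format of the /var/log/messages excerpt in the description. The "Authentication token manipulation error" records carry no user name, so it attributes them through the login PID. The sample lines, the host name host1 and the user alice are constructed, and it assumes one syslog record per line.

```python
import re
from collections import defaultdict

# Constructed sample in the report's log format (host, PIDs, times, "alice" are made up).
SAMPLE = """\
Jul 30 08:47:27 host1 login(pam_unix)[101]: authentication failure; logname= uid=0 euid=0 tty=pts/14 ruser= rhost=localhost  user=chiptest
Jul 30 08:47:29 host1 login[101]: Authentication token manipulation error
Jul 30 08:51:19 host1 login(pam_unix)[102]: authentication failure; logname= uid=0 euid=0 tty=pts/14 ruser= rhost=localhost  user=alice
Jul 30 08:51:21 host1 login[102]: FAILED LOGIN 1 FROM localhost FOR alice, Authentication failure
Jul 30 08:52:40 host1 login[103]: Authentication token manipulation error
Jul 30 08:57:50 host1 login(pam_unix)[104]: authentication failure; logname= uid=0 euid=0 tty=pts/14 ruser= rhost=localhost
Jul 30 08:57:52 host1 login[104]: FAILED LOGIN 1 FROM localhost FOR chiptest, Authentication failure
Jul 30 08:57:57 host1 login[104]: Authentication token manipulation error
"""

# One syslog record per line: "<date> <host> login[(module)][pid]: <message>"
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ login(?:\((\w+)\))?\[(\d+)\]: (.*)$")
USER = re.compile(r"\buser=(\S+)")          # \b keeps "ruser=" from matching
FAILED = re.compile(r"^FAILED LOGIN \d+ FROM \S+ FOR (\S+?),")
TOKEN_ERR = "Authentication token manipulation error"

def triage(text):
    """Group login/pam_unix records by PID: user seen, failures, token errors."""
    sessions = defaultdict(lambda: {"user": None, "failed_logins": 0, "token_errors": 0})
    for record in text.splitlines():
        m = LINE.match(record)
        if not m:
            continue                         # not a login record
        module, pid, msg = m.groups()
        s = sessions[pid]
        if module == "pam_unix":
            u = USER.search(msg)
            if u:
                s["user"] = u.group(1)
        elif msg.startswith(TOKEN_ERR):
            s["token_errors"] += 1
        elif FAILED.match(msg):
            s["failed_logins"] += 1
            s["user"] = s["user"] or FAILED.match(msg).group(1)
    return dict(sessions)

def failed_password_changes(text):
    """PID -> user (None if no record names one) for logins that hit TOKEN_ERR."""
    return {pid: s["user"] for pid, s in triage(text).items() if s["token_errors"]}

if __name__ == "__main__":
    for pid, user in failed_password_changes(SAMPLE).items():
        print(f"login[{pid}] user={user or 'unknown'}: password change failed")
```

A PID that maps to None, like 103 here, means the token error cannot be attributed from these records alone, which matches several of the entries in the reporter's log.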