Bug 852391

Summary: No way to disable some password checks when using pam_cracklib module
Product: Red Hat Enterprise Linux 6
Reporter: Athar <athar.lh>
Component: pam
Assignee: Tomas Mraz <tmraz>
Status: CLOSED WONTFIX
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium
Priority: unspecified
Version: 6.1
CC: dapospis
Target Milestone: rc
Keywords: FutureFeature
Hardware: x86_64
OS: Linux
Doc Type: Enhancement
Last Closed: 2014-11-11 08:13:25 UTC
Type: Bug

Description Athar 2012-08-28 11:21:51 UTC
Description of problem:

There is no way to disable the following password checks for a non-root user:

$ passwd
Changing password for user test.
Changing password for test.
(current) UNIX password: 
New password: 
BAD PASSWORD: is rotated
New password: 
BAD PASSWORD: it is too simplistic/systematic
New password: 
BAD PASSWORD: is a palindrome


Version-Release number of selected component (if applicable):


How reproducible: Always


Steps to Reproduce:
1. Create a test user on Linux.
2. Log in as test and try to change its password.
3. Tried the following passwords, which result in an error:

New password: 
BAD PASSWORD: is rotated                           << Old password : Newpassw0rd , New password : dNewpassw0r
New password: 
BAD PASSWORD: it is too simplistic/systematic      << abcd123
New password: 
BAD PASSWORD: is a palindrome                      << deesawaseed

Contents of the system-auth file are:

password    requisite     pam_cracklib.so try_first_pass retry=3 minlen=6 dcredit=0 lcredit=0 ocredit=0 ucredit=0 maxrepeat=0 difok=0
password    required      pam_pwhistory.so enforce_for_root remember=3 use_authtok
password    sufficient    pam_unix.so md5 shadow try_first_pass use_authtok
password    required      pam_deny.so
  
Actual results:

There is no way available to disable the above password checks.

Additional info:
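
Added example, not part of the original report and not pam_cracklib or cracklib source: a simplified Python model of the three checks named in the description, run against the passwords quoted there. The function names and the step limit `MAXSTEP = 4` are assumptions of this sketch.

```python
# Simplified model of three password checks (added example, not project code).
MAXSTEP = 4  # assumption: limit on adjacent-character steps before rejection


def is_palindrome(new):
    """New password reads the same forwards and backwards (case-insensitive)."""
    mono = new.lower()
    return mono == mono[::-1]


def is_rotated(old, new):
    """New password is a rotation of the old one: it appears inside old+old."""
    oldmono, newmono = old.lower(), new.lower()
    return bool(newmono) and newmono in oldmono + oldmono


def is_systematic(new):
    """Too many neighbouring characters differ by exactly one code point."""
    mono = new.lower().strip()
    steps = sum(1 for a, b in zip(mono, mono[1:]) if abs(ord(a) - ord(b)) == 1)
    return steps > MAXSTEP


def explain(old, new):
    """Return the messages from the report that this model predicts."""
    reasons = []
    if is_palindrome(new):
        reasons.append("is a palindrome")
    if is_rotated(old, new):
        reasons.append("is rotated")
    if is_systematic(new):
        reasons.append("it is too simplistic/systematic")
    return reasons


if __name__ == "__main__":
    # Passwords quoted in the report; the old password is the one given there.
    for candidate in ("dNewpassw0r", "abcd123", "deesawaseed"):
        print(candidate, "->", explain("Newpassw0rd", candidate))
```

None of the three functions reads minlen, difok, maxrepeat or the credit options from the reported system-auth line, which is consistent with those settings not affecting these messages.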

Comment 2 Tomas Mraz 2012-08-28 12:13:31 UTC
Please use the regular support channels to request this enhancement. Otherwise the request cannot be properly prioritized.

See http://www.redhat.com/support/ for details.

Comment 3 Tom Lavigne 2012-09-07 15:26:31 UTC
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Since we are unable to provide this feature at this time, it has been proposed for the next release of Red Hat Enterprise Linux.

Comment 4 RHEL Program Management 2013-10-14 04:49:32 UTC
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux.

Comment 5 Athar 2014-11-11 05:18:16 UTC
This is not desired any more.