Bug 124645 (IT_40527) - [PATCH] credit values are ignored in /etc/pam.d/passwd
Summary: [PATCH] credit values are ignored in /etc/pam.d/passwd
Keywords:
Status: CLOSED ERRATA
Alias: IT_40527
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: pam
Version: 2.1
Hardware: i686
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Jay Turner
URL:
Whiteboard:
Depends On: 125123
Blocks:
Reported: 2004-05-28 05:39 UTC by Luke harris
Modified: 2015-01-08 00:07 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-12-13 20:49:36 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2004:551 0 normal SHIPPED_LIVE Updated pam packages 2004-12-21 05:00:00 UTC
Red Hat Product Errata RHBA-2004:575 0 high SHIPPED_LIVE Updated pam packages 2004-12-13 05:00:00 UTC

Description Luke harris 2004-05-28 05:39:14 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031114

Description of problem:
The 'dcredit' and 'ocredit' values in the following entry from my pam
config file (/etc/pam.d/passwd) are ignored:
password   required     /lib/security/pam_cracklib.so retry=9 difok=3 minlen=8 dcredit=-1 ocredit=-1 ucredit=0 lcredit=0

The use of "-1" is permitted as described in the Linux-PAM System
Administrators' Guide:
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-6.html#ss6.3

Another user has also noticed this same problem:
http://www.redhat.com/archives/pam-list/2003-August/msg00000.html

A fix has been written, and I have tested it and it FIXES the problem:
http://www.puschitz.com/pam_cracklib_patch.shtml



Version-Release number of selected component (if applicable):
pam-0.75-46.7.3

How reproducible:
Always

Steps to Reproduce:
1. Edit the pam config file (/etc/pam.d/passwd) to include the
following entry:
password   required     /lib/security/pam_cracklib.so retry=9 difok=3 minlen=8 dcredit=-1 ocredit=-1 ucredit=0 lcredit=0
2. Log in as a user and attempt to change the current passwd.
3. The user is able to enter a password of 8 characters all in
lowercase and it is accepted(!), i.e. it SHOULD request one
digit/numeral AND one other/special character to be included.
    

Additional info:
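
Added example, not part of the original report, the linked patch, or the pam sources: a Python model of the credit rule as documented for pam_cracklib (a negative credit is a mandatory minimum count for that class, a non-negative credit shortens minlen), usable to generate accept/reject test cases when verifying a fixed package. The function names and the default values are assumptions of this example, and it models only the length and credit rule, not the dictionary or difok checks.

```python
import string

# Assumed defaults (as documented for pam_cracklib); the sample line below overrides them.
DEFAULTS = {"minlen": 9, "dcredit": 1, "ucredit": 1, "lcredit": 1, "ocredit": 1}

def parse_options(pam_line):
    """Pull the integer key=value options out of a pam.d module line."""
    opts = dict(DEFAULTS)
    for token in pam_line.split():
        key, sep, value = token.partition("=")
        if sep and key in opts:
            opts[key] = int(value)
    return opts

def count_classes(password):
    """Count characters per class, keyed by the credit option that governs it."""
    counts = {"dcredit": 0, "ucredit": 0, "lcredit": 0, "ocredit": 0}
    for ch in password:
        if ch in string.digits:
            counts["dcredit"] += 1
        elif ch in string.ascii_uppercase:
            counts["ucredit"] += 1
        elif ch in string.ascii_lowercase:
            counts["lcredit"] += 1
        else:
            counts["ocredit"] += 1
    return counts

def check(password, opts):
    """Return the list of reasons to reject; an empty list means the rule is met."""
    reasons = []
    required_len = opts["minlen"]
    for name, have in count_classes(password).items():
        credit = opts[name]
        if credit < 0:
            # Negative N: at least |N| characters of this class are mandatory.
            if have < -credit:
                reasons.append(f"{name}: need {-credit}, have {have}")
        else:
            # N >= 0: each such character shortens minlen, for up to N of them.
            required_len -= min(have, credit)
    if len(password) < required_len:
        reasons.append(f"length {len(password)} < {required_len}")
    return reasons

# Constructed input: the entry from the report, joined onto one line.
LINE = ("password required /lib/security/pam_cracklib.so retry=9 difok=3 "
        "minlen=8 dcredit=-1 ocredit=-1 ucredit=0 lcredit=0")
OPTS = parse_options(LINE)
```

Under this model `check("abcdefgh", OPTS)` returns two reasons, which is the rejection the report expects and the affected package does not produce.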

Comment 3 John Flanagan 2004-12-13 20:49:36 UTC
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2004-575.html


Comment 4 John Flanagan 2004-12-21 19:29:21 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2004-551.html


