From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031114

Description of problem:
The 'dcredit' and 'ocredit' values in the following entry from my pam config file (/etc/pam.d/passwd) are ignored:

password required /lib/security/pam_cracklib.so retry=9 difok=3 minlen=8 dcredit=-1 ocredit=-1 ucredit=0 lcredit=0

The use of "-1" is permitted as described in the Linux-PAM System Administrators' Guide:
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-6.html#ss6.3

Another user has also noticed this same problem:
http://www.redhat.com/archives/pam-list/2003-August/msg00000.html

A fix has been written, and I have tested it and it FIXES the problem:
http://www.puschitz.com/pam_cracklib_patch.shtml

Version-Release number of selected component (if applicable):
pam-0.75-46.7.3

How reproducible:
Always

Steps to Reproduce:
1. Edit the pam config file (/etc/pam.d/passwd) to include the following entry:

password required /lib/security/pam_cracklib.so retry=9 difok=3 minlen=8 dcredit=-1 ocredit=-1 ucredit=0 lcredit=0

2. Log in as a user and attempt to change the current passwd.
3. The user is able to enter a password of 8 characters all in lowercase and it is accepted(!), i.e. it SHOULD request one digit/numeral AND one other/special character to be included.

Additional info:
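The expected behaviour described in the report above, as an added example that is not part of the original report and is not pam_cracklib's own code: a small model of the documented credit rules that can be used to sanity-check a policy line before and after patching. The function names, the sample passwords and the fallback defaults (minlen 9, credits 1) are assumptions of this sketch.

```python
# Model of pam_cracklib's documented credit semantics (illustrative only).
# The config line is copied from the report; passwords used with it are
# constructed samples.
PAM_LINE = ("password required /lib/security/pam_cracklib.so retry=9 difok=3 "
            "minlen=8 dcredit=-1 ocredit=-1 ucredit=0 lcredit=0")

# Character-class test for each credit option.
CLASSES = {
    "dcredit": str.isdigit,
    "ucredit": str.isupper,
    "lcredit": str.islower,
    "ocredit": lambda c: not c.isalnum(),
}


def parse_options(pam_line):
    """Return the integer key=value module arguments from a PAM config line."""
    opts = {}
    for token in pam_line.split():
        key, sep, value = token.partition("=")
        if sep and value.lstrip("-").isdigit():
            opts[key] = int(value)
    return opts


def check_password(password, opts):
    """Return a list of rule violations; an empty list means accepted."""
    problems = []
    required_len = opts.get("minlen", 9)   # assumed default
    for name, in_class in CLASSES.items():
        credit = opts.get(name, 1)         # assumed default
        count = sum(1 for c in password if in_class(c))
        if credit < 0:
            # Negative credit: at least -credit characters of this class.
            if count < -credit:
                problems.append(f"{name}={credit}: need {-credit}, found {count}")
        else:
            # Non-negative credit: up to `credit` characters of this class
            # each reduce the length needed to satisfy minlen by one.
            required_len -= min(count, credit)
    if len(password) < required_len:
        problems.append(f"minlen: need {required_len}, got {len(password)}")
    return problems


if __name__ == "__main__":
    for sample in ("abcdefgh", "abcdef1!"):
        print(sample, check_password(sample, parse_options(PAM_LINE)))
```

Running the same samples through passwd on a test host and comparing the accept/reject result against this model shows whether the installed module honours negative credits.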
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2004-575.html
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2004-551.html