This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 124645 - (IT_40527) [PATCH] credit values are ignored in /etc/pam.d/passwd
[PATCH] credit values are ignored in /etc/pam.d/passwd
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: pam (Show other bugs)
2.1
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Jay Turner
:
Depends On: 125123
Blocks:
  Show dependency treegraph
 
Reported: 2004-05-28 01:39 EDT by Luke harris
Modified: 2015-01-07 19:07 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-12-13 15:49:36 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Luke harris 2004-05-28 01:39:14 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Gecko/20031114

Description of problem:
The 'dcredit' and 'ocredit' values in the following entry from my pam
config file (/etc/pam.d/passwd) are ignored:
password   required     /lib/security/pam_cracklib.so retry=9 difok=3
minlen=8 dcredit=-1 ocredit=-1 ucredit=0 lcredit=0

The use of "-1" is permitted as descibed in the Linux-PAM System
Administrators' Guide:
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-6.html#ss6.3

Another user has also noticed this same problem:
http://www.redhat.com/archives/pam-list/2003-August/msg00000.html

A fix has been written, and I have tested it and it FIXES the problem:
http://www.puschitz.com/pam_cracklib_patch.shtml



Version-Release number of selected component (if applicable):
pam-0.75-46.7.3

How reproducible:
Always

Steps to Reproduce:
1. Edit the pam config file (/etc/pam.d/passwd) to include the
following entry:
password   required     /lib/security/pam_cracklib.so retry=9 difok=3
minlen=8 dcredit=-1 ocredit=-1 ucredit=0 lcredit=0
2. login as a user and attempt to change the current passwd
3. the user is able to enter a password of 8 characters all in
lowercase and it is accepted(!) ie. it SHOULD request one
digit/numeral AND one other/special character to be included.
    

Additional info:
Comment 3 John Flanagan 2004-12-13 15:49:36 EST
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2004-575.html
Comment 4 John Flanagan 2004-12-21 14:29:21 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2004-551.html

Note You need to log in before you can comment on or make changes to this bug.