Description of problem: When a user has an expired password and they login (we are using telnet but probably same happens with other types of login) it will force them to change their password, first thing it does is ask for their old password once again. If the user does nothing (or worse, calls support when they see this) the the file /etc/.pwd.lock is locked and /usr/bin/passwd will hang (even for root) so no one on the system is able to change any passwords until this user can be found and booted. Version-Release number of selected component (if applicable): pam-0.75-54 util-linux-2.11y-31.1 How reproducible: consistent Steps to Reproduce: 1. Enable login via telnet 2. Get a user and make their password expire # chage -M 10 crashdummy # chage -d 123 crashdummy 3. Login as that user via telnet, stop as soon as you see "changing password for crashdummy" 4. Go to a root prompt and change any password # passwd whoever Actual results: /usr/bin/passwd waits forever before prompting Expected results: /usr/bin/passwd prompts for new password like normal Additional info: I'm pretty sure the offending code is in /lib/security/pam_unix.so which should make sure it never holds a lock at the same time as waiting for user input. The lock should only be held while accessing the password files.
Duplicate of bug 75454
Fix confirmed with pam-0.75-62. Throwing into PROD_READY pending the release of the errata.
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2004-575.html
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2004-551.html