Bug 131338 - /usr/bin/passwd locks while waiting for /bin/login to update an expired password
Summary: /usr/bin/passwd locks while waiting for /bin/login to update an expired password
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: pam
Version: 3.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Jay Turner
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-08-31 08:15 UTC by Creative Computing
Modified: 2015-01-08 00:08 UTC (History)
2 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2004-12-13 20:49:35 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2004:551 normal SHIPPED_LIVE Updated pam packages 2004-12-21 05:00:00 UTC
Red Hat Product Errata RHBA-2004:575 high SHIPPED_LIVE Updated pam packages 2004-12-13 05:00:00 UTC

Description Creative Computing 2004-08-31 08:15:24 UTC
Description of problem:

When a user has an expired password and they login (we are using
telnet but probably same happens with other types of login)
it will force them to change their password, first thing it does
is ask for their old password once again. If the user does nothing
(or worse, calls support when they see this) the the file
/etc/.pwd.lock is locked and /usr/bin/passwd will hang (even for
root) so no one on the system is able to change any passwords until
this user can be found and booted.

Version-Release number of selected component (if applicable):

  pam-0.75-54
  util-linux-2.11y-31.1

How reproducible:

  consistent

Steps to Reproduce:
1. Enable login via telnet

2. Get a user and make their password expire
     # chage -M 10 crashdummy
     # chage -d 123 crashdummy

3. Login as that user via telnet, stop as soon as you
   see "changing password for crashdummy"

4. Go to a root prompt and change any password
     # passwd whoever
  
Actual results:

   /usr/bin/passwd waits forever before prompting

Expected results:

   /usr/bin/passwd prompts for new password like normal

Additional info:

   I'm pretty sure the offending code is in /lib/security/pam_unix.so
   which should make sure it never holds a lock at the same time as
   waiting for user input. The lock should only be held while
   accessing the password files.

Comment 1 Tomas Mraz 2004-09-08 10:51:31 UTC
Duplicate of bug 75454

Comment 2 Jay Turner 2004-11-27 13:28:06 UTC
Fix confirmed with pam-0.75-62.  Throwing into PROD_READY pending the
release of the errata.

Comment 3 John Flanagan 2004-12-13 20:49:35 UTC
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2004-575.html


Comment 4 John Flanagan 2004-12-21 19:29:19 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2004-551.html



Note You need to log in before you can comment on or make changes to this bug.