Bug 158191 - passwd checking module returns bad passwd inappropriately.
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: passwd
Version: 4
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Mike McLean
Reported: 2005-05-19 14:27 UTC by akonstam
Modified: 2007-11-30 22:11 UTC (History)
Doc Type: Bug Fix
Last Closed: 2005-05-19 14:52:02 UTC
Description akonstam 2005-05-19 14:27:40 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.3) Gecko/20041005

Description of problem:
When entering a passwd to the passwd program the program returns message:
BAD PASSWORD: it is based on a dictionary word
For example, with the passwd: kgf08p
that message is returned. This passwd has all consonants and 2 numbers. What word could it be based on? This has happened to me on other passwds unrelated to words.
lkd45j
returns: Bad passwd: is too simple.
fgk08p 
returns: Bad passwd: based on a (reversed) dictionary word.

It is frustrating.

What rules are being used? They seem screwy.

Version-Release number of selected component (if applicable):
passwd-0.69-2

How reproducible:
Always

Steps to Reproduce:
1. passwd
2. Current unix passwd:
3. New passwd: fgk08p

Actual Results:  Bad passwd: based on a (reversed) dictionary word.

Expected Results:  Passwd would be accepted and a request to enter it again

Additional info:

Comment 1 Tomas Mraz 2005-05-19 14:52:02 UTC
The "too simple" is configurable by setting appropriate options to pam_cracklib
in the /etc/pam.d/system-auth.
The dictionary check is done by the cracklib library.

Generally it can be said that 6-letter passwords are too short.
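
How the "too simple" result for lkd45j follows from pam_cracklib's length-and-credit arithmetic, as an added example that is not part of the original bug thread or the module's source. It assumes the defaults documented in the pam_cracklib man page (minlen=9, each credit 1) are in effect; the names CracklibOpts, required_length and is_too_simple are hypothetical, and the cracklib dictionary check is not modelled.

```python
# Added illustration: a model of pam_cracklib's documented minlen/credit
# arithmetic behind "is too simple". Not the module's own code.
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class CracklibOpts:
    # Assumed defaults, as documented in the pam_cracklib man page.
    minlen: int = 9
    dcredit: int = 1   # digits
    ucredit: int = 1   # upper-case letters
    lcredit: int = 1   # lower-case letters
    ocredit: int = 1   # everything else


def required_length(pw, opts=CracklibOpts()):
    """Effective minimum length for pw, or None if a required class is short.

    credit >= 0: each character of that class lowers the required length,
                 up to `credit` characters.
    credit <  0: at least -credit characters of that class are mandatory.
    """
    digits = sum(c in string.digits for c in pw)
    uppers = sum(c in string.ascii_uppercase for c in pw)
    lowers = sum(c in string.ascii_lowercase for c in pw)
    others = len(pw) - digits - uppers - lowers

    size = opts.minlen
    for count, credit in ((digits, opts.dcredit), (uppers, opts.ucredit),
                          (lowers, opts.lcredit), (others, opts.ocredit)):
        if credit >= 0:
            size -= min(count, credit)
        elif count < -credit:
            return None
    return size


def is_too_simple(pw, opts=CracklibOpts()):
    need = required_length(pw, opts)
    return need is None or len(pw) < need


if __name__ == "__main__":
    # Passwords quoted in the report, plus one constructed 7-character variant.
    for pw in ("lkd45j", "fgk08p", "lkd45jq"):
        print(pw, len(pw), required_length(pw), is_too_simple(pw))
```

Under these assumed defaults a password using two character classes needs 7 characters, so every 6-character lower-case-plus-digits password in the report fails this test regardless of the dictionary check.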


Comment 2 akonstam 2005-05-19 16:28:19 UTC
I am not so concerned with 6 character passwd being too short. My real concern
is the claim that it is based on a dictionary word. This is not just one passwd
but every passwd I have tried. Now the passwd fgk08p is not based on any word I
know so something is wrong with the algorithm. And it is very annoying if I am
trying to explain to a 1000 students how to make an acceptable passwd.

Comment 3 Tomas Mraz 2005-05-19 16:43:15 UTC
The dictionary check does character substitutions and so on, so for the password
to pass it has to be different in more than x characters than any word in the
dictionary. The actual x value is in the cracklib sources and if it's for
example 4 then basically no 6-letter password can pass the check.

Feel free to reopen the bug and reassign it to cracklib, however I don't think the
algorithm or the x value will be changed.


