Bug 178916 - Line feeds when password needs changing with rlogin
Summary: Line feeds when password needs changing with rlogin
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: rsh
Version: 3.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Karel Zak
QA Contact: Ben Levenson
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 178252 187539
TreeView+ depends on / blocked
 
Reported: 2006-01-25 13:42 UTC by Bastien Nocera
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

(edit)
Clone Of:
(edit)
Last Closed: 2006-03-29 20:56:12 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2006:0231 normal SHIPPED_LIVE rsh bug fix update 2006-07-19 20:40:00 UTC

Description Bastien Nocera 2006-01-25 13:42:42 UTC
1. Create a new user, and set the new user's password
2. Run chage to force the user's password to be updated (Maximum Password Age to
"1", and Last Password Change to 2 days before today)
3. Install rsh-server

4. chkconfig add rlogin
5. Try to rlogin to this machine as that user

$ rlogin -l testuser amd64
connect to address 172.16.10.230: Connection refused
Trying krb4 rlogin...
connect to address 172.16.10.230: Connection refused
trying normal rlogin (/usr/bin/rlogin)
Password:
You are required to change your password immediately (password aged)
                                                                   Changing
password for testuser
                (current) UNIX password:

If the password isn't entered properly on the first prompt, then login seems to
take over, and the line feeds look fine.

$ rlogin -l testuser amd64
connect to address 172.16.10.230: Connection refused
Trying krb4 rlogin...
connect to address 172.16.10.230: Connection refused
trying normal rlogin (/usr/bin/rlogin)
Password:
Password:
Login incorrect

login: testuser
Password:
You are required to change your password immediately (password aged)
Changing password for testuser
(current) UNIX password: rlogin: connection closed.

Logging in using ssh works fine as well:
$ ssh testuser@amd64
testuser@amd64's password:
You are required to change your password immediately (password aged)
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user testuser.
Changing password for testuser
(current) UNIX password:

The problem happens on any combination of RHEL3 and RHEL4 servers and clients
(RHEL3 server/RHEL4 client, RHEL4 server/RHEL4 client, etc.)

Comment 1 Karel Zak 2006-01-25 21:08:49 UTC
You're probably right. There's private PAM_conversation() implementation in the
rlogind and it's without "\n".



Comment 6 Red Hat Bugzilla 2006-03-29 20:56:12 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0231.html


Comment 11 Jason Willeford 2006-04-17 14:46:22 UTC
These are the comments from the customer which are in the Issue Tracker ticket.

<snip>
The results for the rlogin from AIX to Linux were a little strange. I'm
attaching a file that shows the output to the screen (still not getting line
feeds from the PAM module passwdqc). The strange behavior was that once I
changed my password, I was prompted again to change it before completing the
login. Before reacting to the prompt, I verified that the password was changed
(see top of attached rlogin.txt file). I then entered the newly changed password
at each prompt for password and the login completed.

<another comment from IT>
We initially tested the updated packages in our Lab, where they appeared to
resolve our problem. Our lab does not have an AIX system, so we moved into our
operational environment to do further testing. My "rlogin.txt" attachment from
3/10 shows what happened when we logged into a Linux system with the updated
rsh* packages from an AIX workstation. We discovered yesterday that the we see
the same result when logging into a Linux system from a Linux workstation.

The primary difference between our lab systems and the operational systems is
that the operational systems use the pam module pam_passwdqc instead of
pam_cracklib (in /etc/pam.d/system-auth).

In summary, the updated packages fix the line-feed problems with the initial
prompts to change the password. Once the pam_passwdqc module is involved, the
output seems to skew again. In addition, once the password is successfully
changed, the user is prompted to reenter the password.

If you access the system via telnet the prompts for password change and the
output of pam_passwdqc line feed normally. The user is also not prompted to
reenter the password once it has been successfully changed.


Comment 13 Karel Zak 2006-05-30 20:44:13 UTC
See bug #191390 which is open for this issue.


Note You need to log in before you can comment on or make changes to this bug.