Bug 178916 - Line feeds when password needs changing with rlogin
Line feeds when password needs changing with rlogin
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: rsh (Show other bugs)
3.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Karel Zak
Ben Levenson
:
Depends On:
Blocks: 178252 187539
  Show dependency treegraph
 
Reported: 2006-01-25 08:42 EST by Bastien Nocera
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: RHBA-2006-0231
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-03-29 15:56:12 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Bastien Nocera 2006-01-25 08:42:42 EST
1. Create a new user, and set the new user's password
2. Run chage to force the user's password to be updated (Maximum Password Age to
"1", and Last Password Change to 2 days before today)
3. Install rsh-server

4. chkconfig add rlogin
5. Try to rlogin to this machine as that user

$ rlogin -l testuser amd64
connect to address 172.16.10.230: Connection refused
Trying krb4 rlogin...
connect to address 172.16.10.230: Connection refused
trying normal rlogin (/usr/bin/rlogin)
Password:
You are required to change your password immediately (password aged)
                                                                   Changing
password for testuser
                (current) UNIX password:

If the password isn't entered properly on the first prompt, then login seems to
take over, and the line feeds look fine.

$ rlogin -l testuser amd64
connect to address 172.16.10.230: Connection refused
Trying krb4 rlogin...
connect to address 172.16.10.230: Connection refused
trying normal rlogin (/usr/bin/rlogin)
Password:
Password:
Login incorrect

login: testuser
Password:
You are required to change your password immediately (password aged)
Changing password for testuser
(current) UNIX password: rlogin: connection closed.

Logging in using ssh works fine as well:
$ ssh testuser@amd64
testuser@amd64's password:
You are required to change your password immediately (password aged)
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user testuser.
Changing password for testuser
(current) UNIX password:

The problem happens on any combination of RHEL3 and RHEL4 servers and clients
(RHEL3 server/RHEL4 client, RHEL4 server/RHEL4 client, etc.)
Comment 1 Karel Zak 2006-01-25 16:08:49 EST
You're probably right. There's private PAM_conversation() implementation in the
rlogind and it's without "\n".

Comment 6 Red Hat Bugzilla 2006-03-29 15:56:12 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0231.html
Comment 11 Jason Willeford 2006-04-17 10:46:22 EDT
These are the comments from the customer which are in the Issue Tracker ticket.

<snip>
The results for the rlogin from AIX to Linux were a little strange. I'm
attaching a file that shows the output to the screen (still not getting line
feeds from the PAM module passwdqc). The strange behavior was that once I
changed my password, I was prompted again to change it before completing the
login. Before reacting to the prompt, I verified that the password was changed
(see top of attached rlogin.txt file). I then entered the newly changed password
at each prompt for password and the login completed.

<another comment from IT>
We initially tested the updated packages in our Lab, where they appeared to
resolve our problem. Our lab does not have an AIX system, so we moved into our
operational environment to do further testing. My "rlogin.txt" attachment from
3/10 shows what happened when we logged into a Linux system with the updated
rsh* packages from an AIX workstation. We discovered yesterday that the we see
the same result when logging into a Linux system from a Linux workstation.

The primary difference between our lab systems and the operational systems is
that the operational systems use the pam module pam_passwdqc instead of
pam_cracklib (in /etc/pam.d/system-auth).

In summary, the updated packages fix the line-feed problems with the initial
prompts to change the password. Once the pam_passwdqc module is involved, the
output seems to skew again. In addition, once the password is successfully
changed, the user is prompted to reenter the password.

If you access the system via telnet the prompts for password change and the
output of pam_passwdqc line feed normally. The user is also not prompted to
reenter the password once it has been successfully changed.
Comment 13 Karel Zak 2006-05-30 16:44:13 EDT
See bug #191390 which is open for this issue.

Note You need to log in before you can comment on or make changes to this bug.