Bug 191390 - Line feeds when password needs changing with rlogin
Summary: Line feeds when password needs changing with rlogin
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: rsh
Version: 3.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Adam Tkac
QA Contact: Ben Levenson
Depends On:
Blocks: 190430 212183
TreeView+ depends on / blocked
Reported: 2006-05-11 15:30 UTC by Bastien Nocera
Modified: 2013-04-30 23:34 UTC (History)
6 users (show)

Clone Of:
Last Closed: 2007-06-11 18:46:04 UTC

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2007:0410 normal SHIPPED_LIVE rsh bug fix update 2007-06-07 19:21:25 UTC

Description Bastien Nocera 2006-05-11 15:30:06 UTC
pam_passwdqc seems to have the same bug as rsh, in its conversation messages.

The reproducer steps are the same except that you need to have:
password    required      /lib/security/$ISA/pam_passwdqc.so
min=disabled,disabled,disabled,8,8 max=22 passphrase=0 match=4 similar=deny
retry=5 random=0

in your /etc/pam.d/system-auth

+++ This bug was initially created as a clone of Bug #178916 +++

1. Create a new user, and set the new user's password
2. Run chage to force the user's password to be updated (Maximum Password Age to
"1", and Last Password Change to 2 days before today)
3. Install rsh-server

4. chkconfig rlogin on
5. Try to rlogin to this machine as that user

$ rlogin -l testuser amd64
connect to address Connection refused
Trying krb4 rlogin...
connect to address Connection refused
trying normal rlogin (/usr/bin/rlogin)
You are required to change your password immediately (password aged)
password for testuser
                (current) UNIX password:

-- Additional comment from kzak@redhat.com on 2006-01-25 16:08 EST --
You're probably right. There's private PAM_conversation() implementation in the
rlogind and it's without "\n".

Comment 1 Tomas Mraz 2006-05-11 15:41:44 UTC
pam_passwdqc is a separate package but I don't believe this bug is there either.
The reason is that the 'You are required to change your password immediately
(password aged)' message is issued by pam_unix and the EOL character must be
added by the conversation function which is part of the rlogind.

Comment 2 Bastien Nocera 2006-05-11 15:51:05 UTC
Actually, it works with:
password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
in the system-auth file, but not with pam_passwdqc as explained above.

Comment 19 Red Hat Bugzilla 2007-06-11 18:46:04 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.