Bug 2228558 - pam_pwhistory remembers one extra password than specified [NEEDINFO]
Summary: pam_pwhistory remembers one extra password than specified
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pam
Version: 7.5
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Iker Pedrosa
QA Contact: sssd-qe
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-08-02 16:43 UTC by Chance Callahan
Modified: 2023-08-08 06:40 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:
ipedrosa: needinfo? (ccallaha)


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-164240 0 None None None 2023-08-02 16:45:55 UTC

Description Chance Callahan 2023-08-02 16:43:36 UTC
Description of problem:

A customer came to us with the following bug: on RHEL 6, if they told pam_pwhistory to remember the last five passwords, it would remember them. If they give the same instruction to the PAM module on RHEL 7.5, it remembers the last six passwords instead of five.

Version-Release number of selected component (if applicable):

* pam-1.1.8-22.el7.x86_64

How reproducible:

I did not personally reproduce it, but the customer has indicated it's affecting multiple systems.

Steps to Reproduce:
1. Enable pam_pwhistory
2. Set it to remember the last five passwords.
3. Change password five times.
4. Try using the original password again.

Actual results:

(per customer) pam_pwhistory remembers the last six passwords instead of the last five.

Expected results:

pam_pwhistory only recalls the last five passwords.

Comment 3 Iker Pedrosa 2023-08-07 10:19:36 UTC
I tried reproducing the error in RHEL7 and it's working as expected. So, I'm wondering, maybe there was a problem in RHEL6 and it was fixed for RHEL7.

Steps:
1- Set 6 different passwords for a user.
2- Change the password to the second one -> Fails because we are reusing a password.
3- Change the password to the first one -> Succeeds.

Can you provide any additional information?

Comment 4 Chance Callahan 2023-08-07 16:25:11 UTC
Did you try on 7.9 or 7.5?

Comment 5 Iker Pedrosa 2023-08-08 06:40:28 UTC
I don't know the exact RHEL version but I know I was using pam-1.1.8-22


Note You need to log in before you can comment on or make changes to this bug.