Bug 267201 - pam_cracklib.so disregards changes to last char when calculating similarity
pam_cracklib.so disregards changes to last char when calculating similarity
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: pam (Show other bugs)
4.5
All All
high Severity high
: ---
: ---
Assigned To: Tomas Mraz
Jan Lieskovsky
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-08-30 10:20 EDT by Jose Plans
Modified: 2010-10-22 14:14 EDT (History)
1 user (show)

See Also:
Fixed In Version: RHSA-2007-0737
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-15 10:03:31 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
pam_cracklib-last_char.patch (535 bytes, patch)
2007-08-30 10:20 EDT, Jose Plans
no flags Details | Diff
patch fixing typo (535 bytes, patch)
2007-09-01 15:20 EDT, Jose Plans
no flags Details | Diff

  None (edit)
Description Jose Plans 2007-08-30 10:20:39 EDT
Description of problem: 

If difok=2 and a password change is attempted with only changes to the first and
last char pam_cracklib will say the passwords are "too similar" wherea s the
change should be accepted.

How reproducible:

RHEL4 (any update, including 5)
pam-0.77-66.17 (any pam 0.77 rpm for RHEL4)

Include:
  passwd requisite /lib/security/$ISA/pam_cracklib.so debug retry=3 difok=3
in /etc/pam.d/system-auth

Steps to Reproduce:

use passwd to change a users password.

Actual results:

PASSWD    CHANGE RESULTS
======    ==============
q1w2e3r4  intial pssword
11q2e3r5  "too similar"
11a2e2r4  success

Expected results:

PASSWD    CHANGE RESULTS
======    ==============
q1w2e3r4  intial pssword
11q2e3r5  success
11a2e2r4  success

Additional info:

The fix for this went into PAM 0.78 from PAM bugzilla 1010142 

* http://sourceforge.net/tracker/index.php?func=detai
le&aid=1010142&group_id=6663&atid=106663

RHEL5 behaves properly as it contains this fix already in PAM 0.99.
Comment 1 Jose Plans 2007-08-30 10:20:40 EDT
Created attachment 181141 [details]
pam_cracklib-last_char.patch
Comment 9 Jose Plans 2007-09-01 15:20:25 EDT
Created attachment 184561 [details]
patch fixing typo

-    if ((j == 0) || (strlen(new) < i)) {
+    if ((j == 0) || (strlen(new) < j)) {
Comment 12 Jan Lieskovsky 2007-09-05 07:57:32 EDT
Providing testing && QA information related to this one:

Was able to reproduce this issue && will be able to retest the whole
RHSA-2007:0737 advisory in case of need (to include this one) -> Moving
to assigned.
Comment 22 errata-xmlrpc 2007-11-15 10:03:31 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2007-0737.html

Note You need to log in before you can comment on or make changes to this bug.