Bug 267201 - pam_cracklib.so disregards changes to last char when calculating similarity
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: pam
Severity: high
Assigned To: Tomas Mraz
Jan Lieskovsky
Reported: 2007-08-30 10:20 EDT by Jose Plans
Modified: 2010-10-22 14:14 EDT
Fixed In Version: RHSA-2007-0737
Doc Type: Bug Fix
Last Closed: 2007-11-15 10:03:31 EST

Attachments
pam_cracklib-last_char.patch (535 bytes, patch)
2007-08-30 10:20 EDT, Jose Plans
patch fixing typo (535 bytes, patch)
2007-09-01 15:20 EDT, Jose Plans

Description Jose Plans 2007-08-30 10:20:39 EDT
Description of problem: 

If difok=2 and a password change is attempted with only changes to the first and
last char, pam_cracklib will say the passwords are "too similar" whereas the
change should be accepted.

How reproducible:

RHEL4 (any update, including 5)
pam-0.77-66.17 (any pam 0.77 rpm for RHEL4)

  passwd requisite /lib/security/$ISA/pam_cracklib.so debug retry=3 difok=3
in /etc/pam.d/system-auth

Steps to Reproduce:

Use passwd to change a user's password.

Actual results:

======    ==============
q1w2e3r4  initial password
11q2e3r5  "too similar"
11a2e2r4  success

Expected results:

======    ==============
q1w2e3r4  initial password
11q2e3r5  success
11a2e2r4  success

Additional info:

The fix for this went into PAM 0.78 from PAM bugzilla 1010142 

* http://sourceforge.net/tracker/index.php?func=detai

RHEL5 behaves properly as it contains this fix already in PAM 0.99.
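
A model of how a bounds check that is off by one can hide the last character from an edit-distance comparison, reproducing the Actual/Expected tables above with difok=3. This is an added illustration, not pam_cracklib's source: the Levenshtein routine, the `<=` bound in the unfixed branch and every function name here are assumptions.

```c
#include <stdio.h>
#include <string.h>
#define MAXLEN 64

/* Hypothetical helper: does old[i-1] differ from new[j-1]?
 * fixed == 0 uses "<=" (assumed off-by-one: an index equal to the length
 * reads as NUL, hiding the last character); fixed == 1 uses "<". */
static int differ(const char *old, const char *new, size_t i, size_t j, int fixed)
{
    size_t lo = strlen(old), ln = strlen(new);
    char c = (i == 0 || (fixed ? lo < i : lo <= i)) ? 0 : old[i - 1];
    char d = (j == 0 || (fixed ? ln < j : ln <= j)) ? 0 : new[j - 1];
    return c != d;
}

/* Standard Levenshtein distance (assumed model); -1 if an input exceeds MAXLEN. */
int edit_distance(const char *old, const char *new, int fixed)
{
    static int d[MAXLEN + 1][MAXLEN + 1];
    size_t m = strlen(old), n = strlen(new), i, j;
    if (m > MAXLEN || n > MAXLEN) return -1;
    for (i = 0; i <= m; i++) d[i][0] = (int)i;
    for (j = 0; j <= n; j++) d[0][j] = (int)j;
    for (i = 1; i <= m; i++)
        for (j = 1; j <= n; j++) {
            int best = d[i - 1][j - 1] + differ(old, new, i, j, fixed);
            if (d[i][j - 1] + 1 < best) best = d[i][j - 1] + 1;
            if (d[i - 1][j] + 1 < best) best = d[i - 1][j] + 1;
            d[i][j] = best;
        }
    return d[m][n];
}

/* Reject when fewer than difok edits separate the passwords (oversized input too). */
int too_similar(const char *old, const char *new, int difok, int fixed)
{
    return edit_distance(old, new, fixed) < difok;
}

int main(void)
{
    const char *old = "q1w2e3r4";                 /* passwords from the report */
    const char *cand[] = { "11q2e3r5", "11a2e2r4" };
    for (int k = 0; k < 2; k++)
        printf("%s  unfixed: %s  fixed: %s\n", cand[k],
               too_similar(old, cand[k], 3, 0) ? "too similar" : "success",
               too_similar(old, cand[k], 3, 1) ? "too similar" : "success");
    return 0;
}
```

In the unfixed branch the changed last character of 11q2e3r5 costs nothing, so the distance drops from 3 to 2 and falls below difok=3, while 11a2e2r4 keeps its last character and is unaffected.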
Comment 1 Jose Plans 2007-08-30 10:20:40 EDT
Created attachment 181141
Comment 9 Jose Plans 2007-09-01 15:20:25 EDT
Created attachment 184561
patch fixing typo

-    if ((j == 0) || (strlen(new) < i)) {
+    if ((j == 0) || (strlen(new) < j)) {
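Review bot: In the corrected condition, `strlen(new) < j` compares the size_t result of strlen() with `j`, whose declaration is not visible in this hunk; if `j` is a signed int, confirm it can never be negative at this point or cast explicitly, since a negative value would convert to a large unsigned number and make the test true. The `i`/`j` mix-up this patch repairs is easy to repeat with single-letter indices, so a short comment stating that `j` indexes `new` would help, along with a regression test built from the q1w2e3r4 to 11q2e3r5 case in the description.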
Comment 12 Jan Lieskovsky 2007-09-05 07:57:32 EDT
Providing testing && QA information related to this one:

Was able to reproduce this issue && will be able to retest the whole
RHSA-2007:0737 advisory in case of need (to include this one) -> Moving
to assigned.
Comment 22 errata-xmlrpc 2007-11-15 10:03:31 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.