Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 3029 - pam fails on empty passwords.
pam fails on empty passwords.
Product: Red Hat Linux
Classification: Retired
Component: pam (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Cristian Gafton
: 3024 4060 6085 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 1999-05-25 05:32 EDT by Han-Wen Nienhuys
Modified: 2008-05-01 11:37 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2000-02-05 15:16:45 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Han-Wen Nienhuys 1999-05-25 05:32:19 EDT
PAM 0.66-18 does not allow empty password fields in
/etc/passwd (as installed out of the box) Logging
in does not work, and setting the password  also fails.
Comment 1 Dale Lovelace 1999-05-27 17:35:59 EDT
*** Bug 3024 has been marked as a duplicate of this bug. ***

It is not possible to log in with a blank password.

This is problem if you forget the root password, boot
into single user mode and reset the password.

I do not use shadow passwords.

It seems as if the nullok option from pam_pwdb is ignored.
Comment 2 Benjamin Gilbert 1999-07-18 13:02:59 EDT
Is there a workaround so that users with null passwords can at least log in?  Is this going to get fixed?
Comment 3 Göran Uddeborg 1999-07-27 07:17:59 EDT
A workaround is to use shadow passwords.
Comment 4 Michael K. Johnson 1999-08-02 12:16:59 EDT
*** Bug 4060 has been marked as a duplicate of this bug. ***

With shadowing turned off, setting a zero-length password
seems to corrupt the password data-base.  Whether I do it by
editing /etc/passwd, or using passwd as root, the user is
unable to log on.  Furthermore, even if root runs passwd
again to set a non-null password, that user remains hosed.

------- Additional Comments From johnsonm@redhat.com  07/30/99 17:10 -------
I cannot reproduce this.  Are you using NIS or some other form of
authentication besides /etc/passwd?  A non-root user cannot set a
null password with the passwd command; perhaps the old password is
still in force for you?

------- Additional Comments From johnsonm@redhat.com  08/02/99 12:14 -------
OK, 3029 does look like the same report...
Comment 5 bart.durinck 1999-08-04 19:15:59 EDT
Same prob here.
The work-around of using shadow passwd is NOK if you have NIS and Sun
clients :-(
But now for the good news :-) I think I found a fix. It's in pwdb (not
pam) I'll submit it in a moment.
Thanks to <balajir@research.nj.nec.com>, his "Re: cannot log in: 6.0
upgrade broke PAM / pwdb" in linux.redhat.install got me on the right
Comment 6 Bill Nottingham 1999-10-19 12:13:59 EDT
*** Bug 6085 has been marked as a duplicate of this bug. ***

If shadow passwords are not being used on a system, the
following things do not seem to work properly

1) logging in if you have an empty password. pam_pwdb
reports 'get passwd; pwdb: request not recognized' in syslog
2) changing  or deleting the password of an entity that
currently does not have a password (either an 'empty
password' or 'no password'). passwd reports success, but the
contents of /etc/passwd are not changed
Comment 7 Bill Nottingham 2000-02-05 15:16:59 EST
This should be fixed in the latest pam and pwdb packages in Raw Hide.

Note You need to log in before you can comment on or make changes to this bug.