Red Hat Bugzilla – Bug 3029
pam fails on empty passwords.
Last modified: 2008-05-01 11:37:50 EDT
PAM 0.66-18 does not allow empty password fields in
/etc/passwd (as installed out of the box) Logging
in does not work, and setting the password also fails.
*** Bug 3024 has been marked as a duplicate of this bug. ***
It is not possible to log in with a blank password.
This is problem if you forget the root password, boot
into single user mode and reset the password.
I do not use shadow passwords.
It seems as if the nullok option from pam_pwdb is ignored.
Is there a workaround so that users with null passwords can at least log in? Is this going to get fixed?
A workaround is to use shadow passwords.
*** Bug 4060 has been marked as a duplicate of this bug. ***
With shadowing turned off, setting a zero-length password
seems to corrupt the password data-base. Whether I do it by
editing /etc/passwd, or using passwd as root, the user is
unable to log on. Furthermore, even if root runs passwd
again to set a non-null password, that user remains hosed.
------- Additional Comments From firstname.lastname@example.org 07/30/99 17:10 -------
I cannot reproduce this. Are you using NIS or some other form of
authentication besides /etc/passwd? A non-root user cannot set a
null password with the passwd command; perhaps the old password is
still in force for you?
------- Additional Comments From email@example.com 08/02/99 12:14 -------
OK, 3029 does look like the same report...
Same prob here.
The work-around of using shadow passwd is NOK if you have NIS and Sun
But now for the good news :-) I think I found a fix. It's in pwdb (not
pam) I'll submit it in a moment.
Thanks to <firstname.lastname@example.org>, his "Re: cannot log in: 6.0
upgrade broke PAM / pwdb" in linux.redhat.install got me on the right
*** Bug 6085 has been marked as a duplicate of this bug. ***
If shadow passwords are not being used on a system, the
following things do not seem to work properly
1) logging in if you have an empty password. pam_pwdb
reports 'get passwd; pwdb: request not recognized' in syslog
2) changing or deleting the password of an entity that
currently does not have a password (either an 'empty
password' or 'no password'). passwd reports success, but the
contents of /etc/passwd are not changed
This should be fixed in the latest pam and pwdb packages in Raw Hide.