Bug 485175 - Fedora 11 alpha: firstboot / system-config-display displays waring to complex password
Fedora 11 alpha: firstboot / system-config-display displays waring to complex...
Status: CLOSED DUPLICATE of bug 484303
Product: Fedora
Classification: Fedora
Component: system-config-users (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Nils Philippsen
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2009-02-11 23:19 EST by Masakazu Takahashi
Modified: 2009-02-12 04:01 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-02-12 04:01:54 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Message Box (12.88 KB, image/png)
2009-02-12 00:39 EST, Masakazu Takahashi
no flags Details

  None (edit)
Description Masakazu Takahashi 2009-02-11 23:19:07 EST
Description of problem:

When creating a new user, I entered a complex (not simple) password.
But warning message is appeard.
Also, password string is displayed instead of error message.

Version-Release number of selected component (if applicable):

- system-config-users-1.2.84-1.fc11
- cracklib-2.8.13-2
- cracklib-python-2.8.13-2

How reproducible:

Every time.

Steps to Reproduce:

* fastboot case
1. Install Fedora 11 alpha with default packages
2. Reboot computer and run fastboot automatically
3. When creating users, enter complex passsword and click
   [Forward] button

* system-config-users case
1. Run system-config-users
2. Click [Add User] button
3. Enter complex passsword and click [OK] button

Actual results:

Message dialog appears, and says "THe chosen password is too 
weak: <password>.  Do you want to use it anyway?"

(<password> is the password string I entered)

See attachment, too.

Expected results:

No messages to be shown.

Additional info:

  I suppose like following:

  In isPasswordOk() in userGroupCheck.py (system-config-users), 
check that cracklib is installed and call cracklib.FascistCheck().
Like following:

        clerror = cracklib.FascistCheck (str)
    except ValueError, e:
        clerror = e.message

    if clerror:
        # translate error message
        clerror = cracklib_i18n.gettext (clerror)
        rc = messageDialog.show_confirm_dialog (_("The chosen password is too weak: %s. Do you want to use it anyway?") % clerror)

  But, online reference of python crack says:

"First, it always returns the given passwd. If it is found to be weak 
ValueError exception is raised with parameter set to the reason 
returned by cracklib's FascistCheck. "

( http://www.nongnu.org/python-crack/doc/crack-api.html )

  So, password string is set to clerror, step in to if statement, 
and displays password string to message dialog.

(Maybe changed between cracklib-2.8.12 and cracklib-2.8.13?)
Comment 1 Masakazu Takahashi 2009-02-12 00:39:25 EST
Created attachment 331657 [details]
Message Box
Comment 2 Nils Philippsen 2009-02-12 04:01:54 EST

*** This bug has been marked as a duplicate of bug 484303 ***

Note You need to log in before you can comment on or make changes to this bug.