Red Hat Bugzilla – Bug 49613
Password validation on forced password change
Last modified: 2007-04-18 12:34:59 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 95)
Description of problem:
I am trying to force users to change their passwords by setting the
password age, specifically:
chage -d0 testuser
When I login as testuser, I am asked to change password. If the
password is too short, has too many repeats, is too close to the
current password, or is a dictionary word, I get the appropriate
message. So far, so good.
However, if I put in something that "should" work (e.g., "fredðel"
or "Mxy!PtZ%lK*"), I get a "too simple" error. This *only* happens
with the forced password change on login -- if I am logged in as
testuser, I can change the password to either of those values with no
Also, this happens on RH 7.1, but not 7.0 or 6.2, both of which work
as I would expect.
Steps to Reproduce:
1.force password change on login (chage -d0 testuser)
2.login and try to set password (e.g., Mxy!PtZ%lK*)
Actual Results: Get "bad password - too simple"
Expected Results: should have changed password
This should be fixed in pam-0.75-11 and later. Please reopen this bug ID if you
find that this is not the case. Thanks!
*** Bug 50356 has been marked as a duplicate of this bug. ***