Bug 49613 - Password validation on forced password change
Summary: Password validation on forced password change
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: pam (Show other bugs)
(Show other bugs)
Version: 7.1
Hardware: i386 Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Aaron Brown
URL:
Whiteboard:
Keywords:
: 50356 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-07-21 16:08 UTC by Bill Greene
Modified: 2007-04-18 16:34 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-07-21 16:08:54 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2001:149 normal SHIPPED_LIVE Updated pam and usermode packages available 2001-11-02 05:00:00 UTC

Description Bill Greene 2001-07-21 16:08:50 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 95)

Description of problem:
I am trying to force users to change their passwords by setting the
password age, specifically:

	chage -d0 testuser

When I login as testuser, I am asked to change password.  If the
password is too short, has too many repeats, is too close to the
current password, or is a dictionary word, I get the appropriate
message.  So far, so good.

However, if I put in something that "should" work (e.g., "fred&ethel"
or "Mxy!PtZ%lK*"), I get a "too simple" error.  This *only* happens
with the forced password change on login -- if I am logged in as
testuser, I can change the password to either of those values with no
problem.

Also, this happens on RH 7.1, but not 7.0 or 6.2, both of which work
as I would expect.

How reproducible:
Always

Steps to Reproduce:
1.force password change on login (chage -d0 testuser)
2.login and try to set password (e.g., Mxy!PtZ%lK*) 
3.
	

Actual Results:  Get "bad password - too simple"

Expected Results:  should have changed password

Additional info:

Comment 1 Nalin Dahyabhai 2001-08-31 03:10:21 UTC
This should be fixed in pam-0.75-11 and later.  Please reopen this bug ID if you
find that this is not the case.  Thanks!

Comment 2 Nalin Dahyabhai 2001-09-13 19:50:02 UTC
*** Bug 50356 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.