Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 49613 - Password validation on forced password change
Password validation on forced password change
Product: Red Hat Linux
Classification: Retired
Component: pam (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Aaron Brown
: 50356 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2001-07-21 12:08 EDT by Bill Greene
Modified: 2007-04-18 12:34 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-07-21 12:08:54 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2001:149 normal SHIPPED_LIVE Updated pam and usermode packages available 2001-11-02 00:00:00 EST

  None (edit)
Description Bill Greene 2001-07-21 12:08:50 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 95)

Description of problem:
I am trying to force users to change their passwords by setting the
password age, specifically:

	chage -d0 testuser

When I login as testuser, I am asked to change password.  If the
password is too short, has too many repeats, is too close to the
current password, or is a dictionary word, I get the appropriate
message.  So far, so good.

However, if I put in something that "should" work (e.g., "fred&ethel"
or "Mxy!PtZ%lK*"), I get a "too simple" error.  This *only* happens
with the forced password change on login -- if I am logged in as
testuser, I can change the password to either of those values with no

Also, this happens on RH 7.1, but not 7.0 or 6.2, both of which work
as I would expect.

How reproducible:

Steps to Reproduce:
1.force password change on login (chage -d0 testuser)
2.login and try to set password (e.g., Mxy!PtZ%lK*) 

Actual Results:  Get "bad password - too simple"

Expected Results:  should have changed password

Additional info:
Comment 1 Nalin Dahyabhai 2001-08-30 23:10:21 EDT
This should be fixed in pam-0.75-11 and later.  Please reopen this bug ID if you
find that this is not the case.  Thanks!
Comment 2 Nalin Dahyabhai 2001-09-13 15:50:02 EDT
*** Bug 50356 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.