Bug 5005 - See bug 3281
See bug 3281
Status: CLOSED NEXTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: passwd (Show other bugs)
6.0
All Linux
low Severity low
: ---
: ---
Assigned To: Cristian Gafton
:
: 3281 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 1999-09-08 21:22 EDT by theman
Modified: 2008-05-01 11:37 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 1999-09-20 11:06:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description theman 1999-09-08 21:22:32 EDT
This bug may be filed as resolved, but the bug itself still
exists. Requiring somebody who is already root to
hand-modify the passwd file to have "!!" for any user who
doesn't already have a password is completely foolish.
Nobody in their right mind wants this kind of restriction.
Bottom line: as root, running passwd on a user should ALWAYS
succeed, replacing ANY existing contents with the new
crypted password. If you want to annoy "enterprise" class
admins, this is a fine way to do it. Not everyone wants to
use whatever your utility is _this particular release_ to
change users' passwords. Especially when wc -l passwd ==
3000.
Comment 1 Jeff Johnson 1999-09-09 09:26:59 EDT
*** Bug 3281 has been marked as a duplicate of this bug. ***

Am I going crazy?  I installed Red Hat 6.0 (`Everything'),
all was well, I logged in as root on the console, typed
passwd operator to enable a non-root account, it said
  passwd: all authentication tokens updated successfully
but /etc/passwd didn't actually change, the password was
still *.  I tried several different passwords.

I did not enable MD5 passwords or NIS+ on the new setup
screen at the end.

This is not peculiar to operator.  For example, I just tried
passwd bin (another account with a * password), used
jac:jil! for the password, and /etc/passwd didn't change
despite the success message.


------- Additional Comments From jbj@redhat.com  06/05/99 11:12 -------
Change the password field from '*' to '!!' and you will be able to
change the password.

------- Additional Comments From theman@cs.unr.edu  09/08/99 21:17 -------
This is not reasonable. No other unix does anything this stupid. Root
using passwd to change the entry should ALWAYS work, no matter the
existing contents. WHAT THE HELL WERE YOU THINKING?
Comment 2 Cristian Gafton 1999-09-20 11:06:59 EDT
It will be fixed in the next release. The passwd of the accound does
not change (the account still remains locked), so I fail to see why
this is a Security/High bug.

Note You need to log in before you can comment on or make changes to this bug.