Bug 50356 - Failed changing password at login induced by pw expiration
Summary: Failed changing password at login induced by pw expiration
Keywords:
Status: CLOSED DUPLICATE of bug 49613
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: pam
Version: 7.1
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Aaron Brown
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-07-30 18:47 UTC by ccapelik
Modified: 2007-04-18 16:35 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2001-07-30 18:47:49 UTC
Embargoed:


Attachments (Terms of Use)

Description ccapelik 2001-07-30 18:47:45 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.3-12smp i686)

Description of problem:
Senario:

Root created new user "chiptest" via useradd.
Root created this user's passwd.
Root used chage to cause it to expire.
Allow user to login with given pw and system forces change password.
No matter what new pw user chooses, login/pam fails to allow change.
Note: I used mkpasswd to generate a random pw in below examples.
Root re-enables chage to not cause user's pw to be expired.
User logins in ok.
User runs passwd to change pw successfully.

Problem seems repeatable.

--
The problem:

showme<ccapelik>64$ telnet localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

Red Hat Linux release 7.1 (Seawolf)
Kernel 2.4.3-12smp on an i686
login: chiptest
Password:
You are required to change your password immediately (password aged)
Changing password for chiptest
(current) UNIX password:
New UNIX password:
BAD PASSWORD: is too simple
New UNIX password:
BAD PASSWORD: is too simple
New UNIX password:
BAD PASSWORD: is too simple

Authentication token manipulation error
Connection closed by foreign host.

--
Although this work for same user:

[chiptest@showme chiptest]$ passwd
Changing password for chiptest
(current) UNIX password:
New UNIX password:
BAD PASSWORD: it is based on your username
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully

[chiptest@showme chiptest]$ passwd
Changing password for chiptest
(current) UNIX password:
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully
[chiptest@showme chiptest]$

--
Some messages:

+ egrep -i auth /var/log/messages
Jul 30 08:47:27 showme login(pam_unix)[31437]: authentication failure;
logname= 
uid=0 euid=0 tty=pts/14 ruser= rhost=localhost  user=chiptest
Jul 30 08:47:29 showme login[31437]: Authentication token manipulation
error
Jul 30 08:47:33 showme login(pam_unix)[31440]: authentication failure;
logname= 
uid=0 euid=0 tty=pts/14 ruser= rhost=localhost
Jul 30 08:47:35 showme login[31440]: FAILED LOGIN 1 FROM localhost FOR 
chip, Authentication failure
Jul 30 08:47:38 showme login(pam_unix)[31440]: authentication failure;
logname= 
uid=0 euid=0 tty=pts/14 ruser= rhost=localhost
Jul 30 08:47:40 showme login[31440]: FAILED LOGIN 2 FROM localhost FOR est, 
Authentication failure
Jul 30 08:48:05 showme login[31440]: Authentication token manipulation
error
Jul 30 08:48:45 showme login[31443]: Authentication token manipulation
error
Jul 30 08:49:30 showme login[31446]: Authentication token manipulation
error
Jul 30 08:51:19 showme login(pam_unix)[31467]: authentication failure;
logname= 
uid=0 euid=0 tty=pts/14 ruser= rhost=localhost  user=chiptest
Jul 30 08:51:21 showme login[31467]: FAILED LOGIN 1 FROM localhost FOR 
chiptest, Authentication failure
Jul 30 08:51:53 showme login[31467]: Authentication token manipulation
error
Jul 30 08:52:40 showme login[31479]: Authentication token manipulation
error
Jul 30 08:57:57 showme login[32650]: Authentication token manipulation
error
Jul 30 09:00:29 showme login[32665]: Authentication token manipulation
error




How reproducible:
Always

Steps to Reproduce:
Senario:

Root created new user "chiptest" via useradd.
Root created this user's passwd.
Root used chage to cause it to expire.
Allow user to login with given pw and system forces change password.
No matter what new pw user chooses, login/pam fails to allow change.
Note: I used mkpasswd to generate a random pw in below examples.
Root re-enables chage to not cause user's pw to be expired.
User logins in ok.
User runs passwd to change pw successfully.

Actual Results:  User cannot change an expired password during login
whereas user can successfully issue the passwd to do so.

Expected Results:  User should be able to change expired pw during login.

Additional info:

Comment 1 Nalin Dahyabhai 2001-09-13 19:50:07 UTC
This looks like a duplicate of #49613.

*** This bug has been marked as a duplicate of 49613 ***


Note You need to log in before you can comment on or make changes to this bug.