Bug 50356 - Failed changing password at login induced by pw expiration
Failed changing password at login induced by pw expiration
Status: CLOSED DUPLICATE of bug 49613
Product: Red Hat Linux
Classification: Retired
Component: pam (Show other bugs)
7.1
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Aaron Brown
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-07-30 14:47 EDT by ccapelik
Modified: 2007-04-18 12:35 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-07-30 14:47:49 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description ccapelik 2001-07-30 14:47:45 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.3-12smp i686)

Description of problem:
Senario:

Root created new user "chiptest" via useradd.
Root created this user's passwd.
Root used chage to cause it to expire.
Allow user to login with given pw and system forces change password.
No matter what new pw user chooses, login/pam fails to allow change.
Note: I used mkpasswd to generate a random pw in below examples.
Root re-enables chage to not cause user's pw to be expired.
User logins in ok.
User runs passwd to change pw successfully.

Problem seems repeatable.

--
The problem:

showme<ccapelik>64$ telnet localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

Red Hat Linux release 7.1 (Seawolf)
Kernel 2.4.3-12smp on an i686
login: chiptest
Password:
You are required to change your password immediately (password aged)
Changing password for chiptest
(current) UNIX password:
New UNIX password:
BAD PASSWORD: is too simple
New UNIX password:
BAD PASSWORD: is too simple
New UNIX password:
BAD PASSWORD: is too simple

Authentication token manipulation error
Connection closed by foreign host.

--
Although this work for same user:

[chiptest@showme chiptest]$ passwd
Changing password for chiptest
(current) UNIX password:
New UNIX password:
BAD PASSWORD: it is based on your username
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully

[chiptest@showme chiptest]$ passwd
Changing password for chiptest
(current) UNIX password:
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully
[chiptest@showme chiptest]$

--
Some messages:

+ egrep -i auth /var/log/messages
Jul 30 08:47:27 showme login(pam_unix)[31437]: authentication failure;
logname= 
uid=0 euid=0 tty=pts/14 ruser= rhost=localhost  user=chiptest
Jul 30 08:47:29 showme login[31437]: Authentication token manipulation
error
Jul 30 08:47:33 showme login(pam_unix)[31440]: authentication failure;
logname= 
uid=0 euid=0 tty=pts/14 ruser= rhost=localhost
Jul 30 08:47:35 showme login[31440]: FAILED LOGIN 1 FROM localhost FOR 
chip, Authentication failure
Jul 30 08:47:38 showme login(pam_unix)[31440]: authentication failure;
logname= 
uid=0 euid=0 tty=pts/14 ruser= rhost=localhost
Jul 30 08:47:40 showme login[31440]: FAILED LOGIN 2 FROM localhost FOR est, 
Authentication failure
Jul 30 08:48:05 showme login[31440]: Authentication token manipulation
error
Jul 30 08:48:45 showme login[31443]: Authentication token manipulation
error
Jul 30 08:49:30 showme login[31446]: Authentication token manipulation
error
Jul 30 08:51:19 showme login(pam_unix)[31467]: authentication failure;
logname= 
uid=0 euid=0 tty=pts/14 ruser= rhost=localhost  user=chiptest
Jul 30 08:51:21 showme login[31467]: FAILED LOGIN 1 FROM localhost FOR 
chiptest, Authentication failure
Jul 30 08:51:53 showme login[31467]: Authentication token manipulation
error
Jul 30 08:52:40 showme login[31479]: Authentication token manipulation
error
Jul 30 08:57:57 showme login[32650]: Authentication token manipulation
error
Jul 30 09:00:29 showme login[32665]: Authentication token manipulation
error




How reproducible:
Always

Steps to Reproduce:
Senario:

Root created new user "chiptest" via useradd.
Root created this user's passwd.
Root used chage to cause it to expire.
Allow user to login with given pw and system forces change password.
No matter what new pw user chooses, login/pam fails to allow change.
Note: I used mkpasswd to generate a random pw in below examples.
Root re-enables chage to not cause user's pw to be expired.
User logins in ok.
User runs passwd to change pw successfully.

Actual Results:  User cannot change an expired password during login
whereas user can successfully issue the passwd to do so.

Expected Results:  User should be able to change expired pw during login.

Additional info:
Comment 1 Nalin Dahyabhai 2001-09-13 15:50:07 EDT
This looks like a duplicate of #49613.

*** This bug has been marked as a duplicate of 49613 ***

Note You need to log in before you can comment on or make changes to this bug.