To reproduce: * As a simple local, unprivileged, user, run passwd (or userpasswd). * Authenticate using your current password * Enter a weak password (e.g. "root", or a longer dictionary word) * Persistently ignore the error message, and keep entering the weak password Actual results: Eventually the prompt is again "Password:" (not "New password:"); after entering the weak password again, passwd terminates, correctly complaining about exhausting maximum retries. Nevertheless, the following appears in /var/log/secure: "userhelper[25614]: gkr-pam: couldn't change password for the login keyring: the passwords didn't match." This (and the "Password:") prompt seem to indicate that the pam_unix failure didn't lead to aborting the operations, and pam_gnome_keyring was activated. Expected results: Eventual termination, complaining about exhausting maximum retries. No "Password:" prompt, nothing related to gnome-keyring.
The prompting should stop at pam_cracklib in the system-auth substack. However the pam_gnome_keyring currently incorrectly ignores the use_authtok option and prompts for password as it does not have PAM_AUTHTOK set when it is executed. I still have to add the use_authtok option to the /etc/pam.d/passwd configuration however pam_gnome_keyring must support it for the fix to work.
passwd-0.77-5.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/passwd-0.77-5.fc13
passwd-0.77-5.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update passwd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/passwd-0.77-5.fc13
passwd-0.77-5.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.