Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Created attachment 510736[details]
universal diff - fixes the README
Description of problem:
The file "/etc/pam.d/system-auth" contains a line for pam_cracklib:
'password requisite pam_cracklib.so try_first_pass retry=3 type='
The last part of the line with 'type=' is not properly documented.
Take a look at pam_cracklib(8), you will NOT find that documented.
You will see something called 'authtok_type=XXX', which is the same as 'type=XXX'.
Tested this!
Both 'type=HURR_DURR' and 'authtok_type=HURR_DURR' cause the passwd program to output the "HURR_DURR" string.
[freaknasty@bluesky ~]$ passwd
Changing password for user freaknasty.
New HURR-DURR password:
It's utterly trivial, but one is documented, and the other is not. Considering this *IS* pam.d, and mistakes can be fatal, I humbly request this be documented.
Research indicates that RHEL 5.6 pam_cracklib(8) manual still documents the 'type=XXX' old-school style. Somewhere along the line the manual page changed.
Version-Release number of selected component (if applicable): rhel6.1
How reproducible: always
Steps to Reproduce:
1. man 8 pam_cracklib
2. vi /etc/pam.d/system-auth
3.
Actual results: depreciated and un-documented features are working. People wondering WTF is 'type='.
Expected results: both are documented, or the depreciated 'type=' is made to not work?
Additional info:
Let's just update the docs, so people can keep using old pam.d configs.
Attaching a universal diff with my really bad documentation update to the README file. A PRO technical writer should look at this. If however this is found to be acceptable, I'd be happy to make an update to the man page too. Just let me know, I'll attach patches to this BZ.
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.
Created attachment 510736 [details] universal diff - fixes the README Description of problem: The file "/etc/pam.d/system-auth" contains a line for pam_cracklib: 'password requisite pam_cracklib.so try_first_pass retry=3 type=' The last part of the line with 'type=' is not properly documented. Take a look at pam_cracklib(8), you will NOT find that documented. You will see something called 'authtok_type=XXX', which is the same as 'type=XXX'. Tested this! Both 'type=HURR_DURR' and 'authtok_type=HURR_DURR' cause the passwd program to output the "HURR_DURR" string. [freaknasty@bluesky ~]$ passwd Changing password for user freaknasty. New HURR-DURR password: It's utterly trivial, but one is documented, and the other is not. Considering this *IS* pam.d, and mistakes can be fatal, I humbly request this be documented. Research indicates that RHEL 5.6 pam_cracklib(8) manual still documents the 'type=XXX' old-school style. Somewhere along the line the manual page changed. Version-Release number of selected component (if applicable): rhel6.1 How reproducible: always Steps to Reproduce: 1. man 8 pam_cracklib 2. vi /etc/pam.d/system-auth 3. Actual results: depreciated and un-documented features are working. People wondering WTF is 'type='. Expected results: both are documented, or the depreciated 'type=' is made to not work? Additional info: Let's just update the docs, so people can keep using old pam.d configs. Attaching a universal diff with my really bad documentation update to the README file. A PRO technical writer should look at this. If however this is found to be acceptable, I'd be happy to make an update to the man page too. Just let me know, I'll attach patches to this BZ.