Bug 84967 - user creation, does not create a secure password
Summary: user creation, does not create a secure password
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: redhat-config-users
Version: 8.0
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Brent Fox
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2003-02-24 14:37 UTC by Need Real Name
Modified: 2008-05-01 15:38 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2003-04-03 20:06:11 UTC

Attachments (Terms of Use)

Description Need Real Name 2003-02-24 14:37:09 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; H010818)

Description of problem:
In the Red Hat User Manager, when I create a new user with this tool, the 
passwords act strange.  I can log out, and login with the new username, and 
here is what happens:

The password I entered for the new user, user1, was GH543en1!

The first time I logged in, I accidentally forgot the ! at the end, thus I only 
typed 8 of the 9 characters as GH543en1, but I was allowed to login!

The 2nd time I logged in, I typed it correctly as GH543en1!, and was allowed to 
login as expected.

Then, I tried to login as user1 with password as GH543en1!asdf;iolh (or any 
other random sequence beyond the GH543en1) and I was able to login.

BTW, when I changed the password at the command line, no problem, solid as a 
rock.  Everything at login acted as expected, no random characters allowed, 
etc.  MD5 was enabled as it is by default during installation.

Version-Release number of selected component (if applicable):

How reproducible:
Didn't try

Additional info:

Comment 1 Kjartan Maraas 2003-03-31 18:05:18 UTC
I'm seeing this also. Noticed it during my RHCE class today on a 8.0 system, and
it's still the same with the latest from rawhide/RHL 9

Another thing that's kindof strange is that doing this:

- useradd foobar
- change full name in redhat-config-users
- use 'chage -M 2 foobar' to set password expiry

gives the user no warning about the expiry

but using 'useradd -c "Full Name" foobar; chage -M 2 foobar' will make it pop up
the warning on login.

Seems like there's some discrepancies when it comes to gui behaving the same as
the command line tools.

Comment 2 Brent Fox 2003-04-03 20:06:11 UTC
dmcdowell, I'm not seeing this behavior with redhat-config-users-1.1.5-7, which
is what shipped with RHL 9.  Please reopen this bug if you still see this
behavior with the new version.

Kjartan, are you sure you're seeing the exact same problem with 1.1.5-7?  

Note You need to log in before you can comment on or make changes to this bug.