Red Hat Bugzilla – Bug 84967
user creation, does not create a secure password
Last modified: 2008-05-01 11:38:05 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; H010818)
Description of problem:
In the Red Hat User Manager, when I create a new user with this tool, the
passwords act strange. I can log out, and login with the new username, and
here is what happens:
The password I entered for the new user, user1, was GH543en1!
The first time I logged in, I accidentally forgot the ! at the end, thus I only
typed 8 of the 9 characters as GH543en1, but I was allowed to login!
The 2nd time I logged in, I typed it correctly as GH543en1!, and was allowed to
login as expected.
Then, I tried to login as user1 with password as GH543en1!asdf;iolh (or any
other random sequence beyond the GH543en1) and I was able to login.
BTW, when I changed the password at the command line, no problem, solid as a
rock. Everything at login acted as expected, no random characters allowed,
etc. MD5 was enabled as it is by default during installation.
Version-Release number of selected component (if applicable):
I'm seeing this also. Noticed it during my RHCE class today on a 8.0 system, and
it's still the same with the latest from rawhide/RHL 9
Another thing that's kindof strange is that doing this:
- useradd foobar
- change full name in redhat-config-users
- use 'chage -M 2 foobar' to set password expiry
gives the user no warning about the expiry
but using 'useradd -c "Full Name" foobar; chage -M 2 foobar' will make it pop up
the warning on login.
Seems like there's some discrepancies when it comes to gui behaving the same as
the command line tools.
dmcdowell, I'm not seeing this behavior with redhat-config-users-1.1.5-7, which
is what shipped with RHL 9. Please reopen this bug if you still see this
behavior with the new version.
Kjartan, are you sure you're seeing the exact same problem with 1.1.5-7?