Bug 84967 - user creation, does not create a secure password
user creation, does not create a secure password
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: redhat-config-users (Show other bugs)
8.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Brent Fox
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-02-24 09:37 EST by Need Real Name
Modified: 2008-05-01 11:38 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-04-03 15:06:11 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2003-02-24 09:37:09 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; H010818)

Description of problem:
In the Red Hat User Manager, when I create a new user with this tool, the 
passwords act strange.  I can log out, and login with the new username, and 
here is what happens:

The password I entered for the new user, user1, was GH543en1!

The first time I logged in, I accidentally forgot the ! at the end, thus I only 
typed 8 of the 9 characters as GH543en1, but I was allowed to login!

The 2nd time I logged in, I typed it correctly as GH543en1!, and was allowed to 
login as expected.

Then, I tried to login as user1 with password as GH543en1!asdf;iolh (or any 
other random sequence beyond the GH543en1) and I was able to login.

BTW, when I changed the password at the command line, no problem, solid as a 
rock.  Everything at login acted as expected, no random characters allowed, 
etc.  MD5 was enabled as it is by default during installation.

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:
Comment 1 Kjartan Maraas 2003-03-31 13:05:18 EST
I'm seeing this also. Noticed it during my RHCE class today on a 8.0 system, and
it's still the same with the latest from rawhide/RHL 9

Another thing that's kindof strange is that doing this:

- useradd foobar
- change full name in redhat-config-users
- use 'chage -M 2 foobar' to set password expiry

gives the user no warning about the expiry

but using 'useradd -c "Full Name" foobar; chage -M 2 foobar' will make it pop up
the warning on login.

Seems like there's some discrepancies when it comes to gui behaving the same as
the command line tools.
Comment 2 Brent Fox 2003-04-03 15:06:11 EST
dmcdowell, I'm not seeing this behavior with redhat-config-users-1.1.5-7, which
is what shipped with RHL 9.  Please reopen this bug if you still see this
behavior with the new version.

Kjartan, are you sure you're seeing the exact same problem with 1.1.5-7?  

Note You need to log in before you can comment on or make changes to this bug.