Bug 852391 - No way to disable some password checks when using pam_cracklib module
No way to disable some password checks when using pam_cracklib module
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: pam (Show other bugs)
6.1
x86_64 Linux
unspecified Severity medium
: rc
: ---
Assigned To: Tomas Mraz
BaseOS QE Security Team
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-08-28 07:21 EDT by Athar
Modified: 2014-11-11 03:13 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-11-11 03:13:25 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Athar 2012-08-28 07:21:51 EDT
Description of problem:

There is no way to disable following password checks for non-root user :

$ passwd
Changing password for user test.
Changing password for test.
(current) UNIX password: 
New password: 
BAD PASSWORD: is rotated
New password: 
BAD PASSWORD: it is too simplistic/systematic
New password: 
BAD PASSWORD: is a palindrome


Version-Release number of selected component (if applicable):


How reproducible: Always


Steps to Reproduce:
1. Create a test user on Linux.
2. Login as test and try to change its password.
3. Tried following passwords which result in an error :

New password: 
BAD PASSWORD: is rotated                           << Old password : Newpassw0rd , New password : dNewpassw0r
New password: 
BAD PASSWORD: it is too simplistic/systematic      << abcd123
New password: 
BAD PASSWORD: is a palindrome                      << deesawaseed

Contents of system-auth file are :

password    requisite     pam_cracklib.so try_first_pass retry=3 minlen=6 dcredit=0 lcredit=0 ocredit=0 ucredit=0 maxrepeat=0 difok=0
password    required      pam_pwhistory.so enforce_for_root remember=3 use_authtok
password    sufficient    pam_unix.so md5 shadow try_first_pass use_authtok
password    required      pam_deny.so
  
Actual results:

There is no way available to disable the above password checks.

Additional info:
Comment 2 Tomas Mraz 2012-08-28 08:13:31 EDT
Please use the regular support channels to request this enhancement. Otherwise the request cannot be properly prioritized.

See http://www.redhat.com/support/ for details.
Comment 3 Tom Lavigne 2012-09-07 11:26:31 EDT
This request was evaluated by Red Hat Product Management for 
inclusion in the current release of Red Hat Enterprise Linux.
Since we are unable to provide this feature at this time,  
it has been proposed for the next release of 
Red Hat Enterprise Linux.
Comment 4 RHEL Product and Program Management 2013-10-14 00:49:32 EDT
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 5 Athar 2014-11-11 00:18:16 EST
This is not desired any more.

Note You need to log in before you can comment on or make changes to this bug.