Bug 981230 - pam_cracklib enforces root password strength if password has expired
pam_cracklib enforces root password strength if password has expired
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: pam (Show other bugs)
All Linux
unspecified Severity low
: rc
: ---
Assigned To: Tomas Mraz
BaseOS QE Security Team
Depends On:
  Show dependency treegraph
Reported: 2013-07-04 05:41 EDT by Joshua Brunner
Modified: 2017-09-22 09:16 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2017-09-22 09:16:38 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Joshua Brunner 2013-07-04 05:41:58 EDT
Description of problem:
enforce_for_root=off has no effect, if the root password has expired (using: chage -d0 root)

Version-Release number of selected component (if applicable):
pam 1.1.1-13

How reproducible:
Ensure enforce_for_root=off wich is default.

Steps to Reproduce:
1. login as root
2. chage -d0 root
3. exit
4. login again and try to set a weak password

Actual results:
Password strength will be enforced

Expected results:
Password strength will not be enforced for user root if enforce_for_root is off.
Comment 2 RHEL Product and Program Management 2013-10-13 23:13:01 EDT
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 3 Tomas Mraz 2017-09-22 09:16:38 EDT
Red Hat Enterprise Linux 6 transitioned to the Production 3 Phase on May 10, 2017.  During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:


This issue does not appear to meet the inclusion criteria for the Production Phase 3 and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please re-open the BZ and request a re-evaluation of the issue, citing a clear business justification.

Note You need to log in before you can comment on or make changes to this bug.