[Bug 816401] New: (ch)passwd reject empty password
https://bugzilla.novell.com/show_bug.cgi?id=816401 https://bugzilla.novell.com/show_bug.cgi?id=816401#c0 Summary: (ch)passwd reject empty password Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: x86-64 OS/Version: openSUSE 12.3 Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: Yarny@public-files.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0 Setting an empty password (with passwd or chpasswd) for an account fails. Reproducible: Always Steps to Reproduce: As root: $ useradd -m testuser $ chpasswd <<< "testuser:" Actual Results: No password supplied chpasswd: (user testuser) pam_chauthtok() failed, error: Authentication token manipulation error chpasswd: (line 1, user testuser) password not changed /etc/pam.d/common-password reads, without comments,
password requisite pam_cracklib.so password optional pam_gnome_keyring.so use_authtok password required pam_unix.so use_authtok nullok shadow try_first_pass debug
The corresponding output in the systemd journal reads
pam_unix(chpasswd:chauthtok): username [testuser] obtained gkr-pam: couldn't update the login keyring password: no old password was entered pam_unix(chpasswd:chauthtok): username [testuser] obtained pam_unix(chpasswd:chauthtok): bad authentication token pam_unix(chpasswd:chauthtok): password - new password not obtained
I tested with a fully updated openSUSE 12.3, running inside VirtualBox (hosted by openSUSE 12.2). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=816401 https://bugzilla.novell.com/show_bug.cgi?id=816401#c FeiXiang Zhang <fxzhang@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.pr |kukuk@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=816401 https://bugzilla.novell.com/show_bug.cgi?id=816401#c1 Thorsten Kukuk <kukuk@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX --- Comment #1 from Thorsten Kukuk <kukuk@suse.com> 2013-04-23 08:55:48 UTC --- Correct, neither chpasswd nor pam_unix like to get no password as input. But I don't understand why you want to replace an empty password with an empty password. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=816401 https://bugzilla.novell.com/show_bug.cgi?id=816401#c2 --- Comment #2 from Yarny Yarny <Yarny@public-files.de> 2013-04-23 09:35:28 UTC ---
But I don't understand why you want to replace an empty password with an empty password. I cannot log into new accounts without setting a password first. So in the test case above I'm actually changing my password from <not defined> to "". As I understand the pam_unix man page, empty passwords should be allowed, at least with the "nullok" argument.
This bug is a regression since empty passwords are working fine in openSUSE 12.2. Debian seems to suffer from the same issue: <http://bugs.debian.org/660865> -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com