[Bug 356766] Re: Changing long passwords causes spurious error
I've got 1.1.2-2 and was just bitten by this as well. (Running 11.04) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/356766 Title: Changing long passwords causes spurious error To manage notifications about this bug go to: https://bugs.launchpad.net/base-passwd/+bug/356766/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 356766] Re: Changing long passwords causes spurious error
It is now May 2011 and this bug is still present in Ubuntu 10.04.2. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/356766 Title: Changing long passwords causes spurious error -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 356766] Re: Changing long passwords causes spurious error
It isn't going to be fixed in older releases. Upgrade to 11.04. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/356766 Title: Changing long passwords causes spurious error -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 356766] Re: Changing long passwords causes spurious error
Update: It looks like this fix somehow got left out of version 1.1.1-1 so it got left out of Maverick. It made it into 1.1.2 and works correctly in Natty. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/356766 Title: Changing long passwords causes spurious error -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 356766] Re: Changing long passwords causes spurious error
I can also confirm this on 10.10, with pam-1.1.1: $ passwd Changing password for jesstess. (current) UNIX password: 12345678aa Enter new UNIX password: 12345678bb Retype new UNIX password: 12345678bb Bad: new password must be different than the old one You'll get this error if the first 8 characters of the old and new passwords are the same. As mentioned in bug #549915, the diff in debian /patches-applied/007_modules_pam_unix adds a pam_unix/obscure.c, including: + if ((msg = password_check(old, new, pwdp)) != NULL) + return msg; + + /* The traditional crypt() truncates passwords to 8 chars. It is + possible to circumvent the above checks by choosing an easy + 8-char password and adding some random characters to it... + Example: password$%^*123. So check it again, this time + truncated to the maximum length. Idea from npasswd. --marekm */ + + if (on(UNIX_HASH_MASK,ctrl)) + return NULL; /* unlimited password length */ + + if (oldlen = 8 newlen = 8) + return NULL; + + new1 = strndup(new,8); + old1 = strndup(old,8); + + msg = password_check(old1, new1, pwdp); So it re-runs password_check on the first 8 characters of your old and new passwords, including a check on if they're the same. I don't know if people would prefer that UNIX_OBSCURE_CHECKS weren't set by default in Ubuntu, or if the message returned after the second password_check indicated that it only applied to the first 8 characters, or some other option. -- Changing long passwords causes spurious error https://bugs.launchpad.net/bugs/356766 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 356766] Re: Changing long passwords causes spurious error
I have this same problem in Lucid and I don't find this bug to be spurious, it always happens if you try to change only the last characters of your password. By the way, let me add that when you try to change your password through the Ubuntu user interface (System - Preferences - About me - Change password) it will never end the task (I think that the error message should be displayed or at least end in some way). -- Changing long passwords causes spurious error https://bugs.launchpad.net/bugs/356766 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 356766] Re: Changing long passwords causes spurious error
I confirm that this bug still exist currently, on lucid -- Changing long passwords causes spurious error https://bugs.launchpad.net/bugs/356766 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 356766] Re: Changing long passwords causes spurious error
I'm not sure this got fixed. I'm running current lucid ii libpam-modules1.1.1-2ubuntu1 Pluggable Authentication Modules for PAM ii libpam-runtime1.1.1-2ubuntu1Runtime support for the PAM library ii libpam0g 1.1.1-2ubuntu1 Pluggable Authentication Modules library and am still seeing the problem. Let me know if I can help debug in any way. -- Changing long passwords causes spurious error https://bugs.launchpad.net/bugs/356766 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 356766] Re: Changing long passwords causes spurious error
The code you cited in bug #549915 is no longer present. If you're still seeing problems, perhaps you could help track down the problem in the current code? -- Changing long passwords causes spurious error https://bugs.launchpad.net/bugs/356766 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 356766] Re: Changing long passwords causes spurious error
This bug was fixed in the package pam - 1.1.1-1ubuntu1 --- pam (1.1.1-1ubuntu1) lucid; urgency=low * Merge from Debian, remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic module option 'missingok' which will suppress logging of errors by libpam if the module is not found. - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - Change Vcs-Bzr to point at the Ubuntu branch. - Make libpam-modules depend on base-files (= 5.0.0ubuntu6), to ensure run-parts does the right thing in /etc/update-motd.d. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/local/common-{auth,account,password}.md5sums: include the Ubuntu-specific intrepid,jaunty md5sums for use during the common-session-noninteractive upgrade. pam (1.1.1-1) unstable; urgency=low * New upstream version. - restore proper netgroup handling in pam_access. Closes: #567385, LP: #513955. * Drop patches pam.d-manpage-section, namespace_with_awk_not_gawk, and pam_securetty_tty_check_before_user_check, which are included upstream. * debian/patches/026_pam_unix_passwd_unknown_user: don't return PAM_USER_UNKNOWN on password change of a user that has no shadow entry, upstream now implements auto-creating the shadow entry in this case. * Updated debconf translations: - French, thanks to Jean-Baka Domelevo Entfellner domel...@gmail.com (closes: #547039) - Bulgarian, thanks to Damyan Ivanov d...@debian.org (closes: #562835) * debian/patches/sys-types-include.patch: fix pam_modutil.h so that it can be included directly, without having to include sys/types.h first. Closes: #556203. * Add postgresql-8.3 to the list of services in need of restart on upgrade. Closes: #563674. * And drop postgresql-{7.4,8.1} from the list, neither of which is present in stable. * debian/patches/007_modules_pam_unix: recognize that *all* of the password hashes other than traditional crypt handle passwords 8 chars in length. LP: #356766. -- Steve Langasek vor...@debian.org Mon, 01 Feb 2010 09:55:02 -0800 ** Changed in: pam (Ubuntu) Status: Triaged = Fix Released -- Changing long passwords causes spurious error https://bugs.launchpad.net/bugs/356766 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 356766] Re: Changing long passwords causes spurious error
** Changed in: pam (Ubuntu) Status: New = Confirmed -- Changing long passwords causes spurious error https://bugs.launchpad.net/bugs/356766 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 356766] Re: Changing long passwords causes spurious error
** Also affects: base-passwd Importance: Undecided Status: New ** Changed in: pam (Ubuntu) Status: Confirmed = Invalid -- Changing long passwords causes spurious error https://bugs.launchpad.net/bugs/356766 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 356766] Re: Changing long passwords causes spurious error
Same here in Ubuntu Karmic 9.10 32 bit. If I change a user passwor with passw there are 2 cases: 1) completely different password -- no problem, password is updated correctly 2) long password and new password is equal to old password except for 1 or 2 last characters -- password isn't updated -- passwd report: Bad: new password must be different than the old one Maybe the password wasn't updated correctly when old password was long more than 8 characters and different characters respect to new password are in positions major of 8. -- Changing long passwords causes spurious error https://bugs.launchpad.net/bugs/356766 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 356766] Re: Changing long passwords causes spurious error
** Changed in: base-passwd Status: New = Invalid ** Changed in: pam (Ubuntu) Status: Invalid = Triaged -- Changing long passwords causes spurious error https://bugs.launchpad.net/bugs/356766 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs