This bug is in the pam package and introduced by the quilt patch
"007_modules_pam_unix". It appears to be intentional, but incorrect
behavior. The code has this comment:
/* The traditional crypt() truncates passwords to 8 chars. It is
possible to circumvent the above checks by choosing an easy
8-char password and adding some random characters to it...
Example: "password$%^&*123". So check it again, this time
truncated to the maximum length. Idea from npasswd. --marekm */
This no longer seems to apply so I think this chunk of code should be
removed.
** Package changed: shadow (Ubuntu) => pam (Ubuntu)
** Changed in: pam (Ubuntu)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/600749
Title:
cannot change password with a similar one
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
