[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam-0.57-4



It's a long living problem.
My first report of the problem sent to redhat-list
was dated 'Sun, 26 Jan 1997 21:28:35 +0300 (MSK)'.
The real victim was a cracklib package in RH distributions.
I had a discussion with Erik Troan <ewt@redhat.com> and
sent him patches to fix the problem.
I suppose the patches was placed in a usual patch storage (/dev/null).

After more than a year has passed you don't need a patch.
Just upgrade your cracklib to 2.7 and rebuild PAM package.

Best wishes
					Andrey V.
					Savochkin

On Tue, Jun 30, 1998 at 06:46:46PM +0400, Pawel S. Veselov wrote:
>                     Hello, All !
> 
>     Something strange happening with passwd utility if pam-0.57-4 is installed.
>     If some user has no real name, then :
> 
> [vps@unicorn(2)]~$ cat /etc/passwd|grep vps
> vps:x:1224:100::/home/vps:/bin/bash
> [vps@unicorn(2)]~$ passwd
> Changing password for vps
> (current) UNIX password:
> New UNIX password:
> Segmentation fault
> [vps@unicorn(2)]~$ passwd
> Changing password for vps
> (current) UNIX password:
> New UNIX password:
> BAD PASSWORD: it's WAY too short
> passwd: Authentication token manipulation error
> [vps@unicorn(2)]~$
> 
> As root ::
> 
> [root@unicorn]~# passwd vps
> New UNIX password:
> Retype new UNIX password:
> passwd: all authentication tokens updated successfully
> [root@unicorn]~# passwd vps
> New UNIX password:
> BAD PASSWORD: it's WAY too short
> Retype new UNIX password:
> passwd: all authentication tokens updated successfully
> [root@unicorn]~# passwd vps
> New UNIX password:
> Retype new UNIX password:
> passwd: all authentication tokens updated successfully
> [root@unicorn]~# 
> 
> 
> As one can see, for root there is no problems. But user can't change
> his/her password if realname was not set. SIGSEGV happens in strncmp()
> in pam_chauthtok(). I don't know if is it dangerous or not, but ...



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []