ecryptfs team mailing list archive

Thread
Date

[Bug 272232] Re: passwd - passwords do not match but updated successfully

To: ecryptfs@xxxxxxxxxxxxxxxxxxx
From: pescio <pescio@xxxxxxxxx>
Date: Thu, 27 Nov 2008 19:48:52 -0000
Reply-to: Bug 272232 <272232@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

here it is,
$ cat /etc/pam.d/common-password
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords.  The default is pam_unix.

# Explanation of pam_unix options:
#
# The "sha512" option enables salted SHA512 passwords.  Without this option,
# the default is Unix crypt.  Prior releases used the option "md5".
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
#
# See the pam_unix manpage for other options.

# As of pam 1.0.1-5, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
password	[success=2 default=ignore]	pam_lwidentity.so 
password	[success=1 default=ignore]	pam_unix.so obscure use_authtok try_first_pass sha512
# here's the fallback if no module succeeds
password	requisite			pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password	required			pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config


thanks,
pescio

-- 
passwd - passwords do not match but updated successfully
https://bugs.launchpad.net/bugs/272232
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in “ecryptfs-utils” source package in Ubuntu: Fix Released
Status in “pam” source package in Ubuntu: Fix Released
Status in “shadow” source package in Ubuntu: Invalid
Status in ecryptfs-utils in Ubuntu Intrepid: Fix Released
Status in pam in Ubuntu Intrepid: Fix Released
Status in shadow in Ubuntu Intrepid: Invalid

Bug description:
Binary package hint: passwd

As root, if you attempt to change the password, and the passwords do not match you get "passwords do not match" and "password updated successfully".  It should only report "passwords do not match".  It shouldn't say "password updated sucessfully".  According to Synaptic the passwd package is at level "1:4.1.1-1ubuntu1".  This is on 8.10 Alpha 6.  Here's the output:

root@ehud:/# passwd
Enter new UNIX password: 
Retype new UNIX password: 
Sorry, passwords do not match
passwd: password updated successfully
root@ehud:/# lsb_release -rd
Description:	Ubuntu intrepid (development branch)
Release:	8.10
root@ehud:/#

This happens for normal users as well:

userX@ehud:~$ passwd
Changing password for userX.
(current) UNIX password: 
Enter new UNIX password: 
Retype new UNIX password: 
Sorry, passwords do not match
passwd: password updated successfully
userX@ehud:~$

Follow ups

Re: [Bug 272232] Re: passwd - passwords do not match but updated successfully
From: Steve Langasek, 2008-11-27