registry team mailing list archive
Message #27965
[Bug 356766] Re: Changing long passwords causes spurious error
I can also confirm this on 10.10, with pam-1.1.1:
$ passwd
Changing password for jesstess.
(current) UNIX password: <12345678aa>
Enter new UNIX password: <12345678bb>
Retype new UNIX password: <12345678bb>
Bad: new password must be different than the old one
You'll get this error if the first 8 characters of the old and new
passwords are the same. As mentioned in bug #549915, the diff in
debian/patches-applied/007_modules_pam_unix adds a pam_unix/obscure.c,
including:
+ if ((msg = password_check(old, new, pwdp)) != NULL)
+ return msg;
+
+ /* The traditional crypt() truncates passwords to 8 chars. It is
+ possible to circumvent the above checks by choosing an easy
+ 8-char password and adding some random characters to it...
+ Example: "password$%^&*123". So check it again, this time
+ truncated to the maximum length. Idea from npasswd. --marekm */
+
+ if (on(UNIX_HASH_MASK,ctrl))
+ return NULL; /* unlimited password length */
+
+ if (oldlen <= 8 && newlen <= 8)
+ return NULL;
+
+ new1 = strndup(new,8);
+ old1 = strndup(old,8);
+
+ msg = password_check(old1, new1, pwdp);
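Review bot: in the lines shown, the results of strndup(new,8) and strndup(old,8) go straight into password_check(old1, new1, pwdp) with no NULL check; test both copies and return an error before the second call. The second call also hands back the same msg text as the first pass, so for passwords longer than 8 characters the user cannot tell that only the first 8 were compared; a distinct message for the truncated pass would make that visible.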
So it re-runs password_check on the first 8 characters of your old and
new passwords, including a check on if they're the same.
I don't know if people would prefer that UNIX_OBSCURE_CHECKS weren't set
by default in Ubuntu, or if the message returned after the second
password_check indicated that it only applied to the first 8 characters,
or some other option.
--
Changing long passwords causes spurious error
https://bugs.launchpad.net/bugs/356766
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for base-passwd.
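
The two-pass check described in this message, as an added example that is not part of the original post or of pam_unix: a reduced C sketch in which the truncated pass returns its own message, one of the options raised above. check_sketch() is a hypothetical stand-in for password_check() that keeps only the "must differ" rule, and obscure_msg_sketch(), MSG_SAME_TRUNC and the unlimited_hash flag (modelling the on(UNIX_HASH_MASK,ctrl) branch) are assumed names.

```c
#include <stdio.h>
#include <string.h>

#define TRUNC_LEN 8 /* traditional crypt() only uses the first 8 characters */

static const char MSG_SAME[] = "new password must be different than the old one";
/* Hypothetical wording for the truncated pass; not a pam_unix message. */
static const char MSG_SAME_TRUNC[] =
    "new password must differ from the old one within the first 8 characters";

/* Hypothetical stand-in for password_check(): only the "must differ" rule. */
static const char *check_sketch(const char *old, const char *new_pw)
{
    return strcmp(old, new_pw) == 0 ? MSG_SAME : NULL;
}

/* Returns NULL when the change is accepted, otherwise the reason. */
const char *obscure_msg_sketch(const char *old, const char *new_pw,
                               int unlimited_hash)
{
    char old1[TRUNC_LEN + 1], new1[TRUNC_LEN + 1];
    const char *msg = check_sketch(old, new_pw);

    if (msg != NULL)
        return msg;              /* full-length passwords are identical */
    if (unlimited_hash)
        return NULL;             /* hash has no 8-character limit */
    if (strlen(old) <= TRUNC_LEN && strlen(new_pw) <= TRUNC_LEN)
        return NULL;             /* nothing would be truncated */

    /* Second pass on copies cut to the length the hash would see. */
    strncpy(old1, old, TRUNC_LEN);
    old1[TRUNC_LEN] = '\0';
    strncpy(new1, new_pw, TRUNC_LEN);
    new1[TRUNC_LEN] = '\0';

    /* Report a truncated-pass failure with wording that says so. */
    return check_sketch(old1, new1) != NULL ? MSG_SAME_TRUNC : NULL;
}

int main(void)
{
    /* Passwords from the session quoted in the message. */
    const char *msg = obscure_msg_sketch("12345678aa", "12345678bb", 0);
    printf("8-char hash:     %s\n", msg ? msg : "accepted");
    msg = obscure_msg_sketch("12345678aa", "12345678bb", 1);
    printf("unlimited hash:  %s\n", msg ? msg : "accepted");
    return 0;
}
```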