Subject: bin/29719: confusing passwd(1) warning w/ short password and PAM
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <hubert@feyrer.de>
List: netbsd-bugs
Date: 03/16/2005 23:57:00
>Number: 29719
>Category: bin
>Synopsis: confusing passwd(1) warning w/ short password and PAM
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Wed Mar 16 23:57:00 +0000 2005
>Originator: Hubert Feyrer
>Release: NetBSD 2.99.16
>Organization:
bla!
>Environment:
NetBSD qemu 2.99.16 NetBSD 2.99.16 (GENERIC) #2: Sun Mar 13 01:29:31 MET 2005 feyrer@miyu:/home/cvs/src-current/sys/arch/i386/compile/obj.i386/GENERIC i386
Architecture: i386
Machine: i386
>Description:
Playing with PAM a bit on a 2.99.16 system, I found out that passwd(1)
now behaves differently than before when using "short" (one letter)
passwords:

    qemu: {2} passwd
    Old Password: x
    New Password: y
    Retype New Password: y
    Please enter a longer password.
    The NIS password has been changed on qemu, the master NIS passwd server.

The (expected) warning about entering a longer password is printed,
but after that no other request to input a new password is made,
as used to be the case on a 2.0 system.
The password still is changed.

This is NOT related to NIS!
When changing the password via yppasswd, the old behaviour is still
displayed:

    qemu: {3} yppasswd
    Changing NIS password for feyrer.
    Old password: y
    New password: x
    Please enter a longer password.
    New password: x
    Retype new password: x
    The NIS password has been changed on qemu, the master NIS passwd server.

Here the system prompts to enter another password after printing
the warning, and accepts it after that when insisting on using
the short password.

On NetBSD 2.0, passwd(1) still behaves the same as yppasswd(1)
(on a system w/o NIS):

    miyu% passwd
    Changing local password for feyrer.
    New password:
    Please enter a longer password.
    New password:
    Retype new password:
    miyu%
>How-To-Repeat:
Use passwd(1) to set a short password.
Wonder that a warning is printed.
Wonder if the password was accepted or not,
and wonder where the old NetBSD behaviour went to.
>Fix:
Make passwd(1) behave like yppasswd(1) and old (pre-PAM?)
passwd(1).
>Unformatted: