bin/51245: PAM will not allow users with null password to change password

Crist J. Clark cjc at FreeBSD.org
Mon Apr 21 11:40:07 PDT 2003


>Number:         51245
>Category:       bin
>Synopsis:       PAM will not allow users with null password to change password
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 21 11:40:04 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Crist J. Clark
>Release:        FreeBSD 5.0-RELEASE i386
>Organization:
>Environment:
	FreeBSD 5.0-RELEASE-p7. Using local passwords.
>Description:
	A user with a null password cannot change his password.
>How-To-Repeat:
	As a non-privileged user, change your password to a null
(empty) password,

	$ passwd
	Changing local password for user
	Old Password: (old password)
	New Password: (just hit <enter>)
	Retype New Password: (just hit <enter>)
	$

The user should now have an empty password. Try logging in with the
null password. It should work fine. But now try to change your
password,

	$ passwd
	Changing local password for user
	Old Password: (just hit <enter>)
	passwd: sorry
	$

It will not let you.

>Fix:
	Since root doesn't need to type the old password, root can
reset the user's password.

	As for the real fix, the problem seems to lie within PAM,
somewhere within the pam_chauthtok() function.
>Release-Note:
>Audit-Trail:
>Unformatted:


More information about the freebsd-bugs mailing list