passwd prompts for new password only once when a short password is entered - Security

This is a discussion on passwd prompts for new password only once when a short password is entered - Security ; My computer behaves as follows when a short password is entered: # passwd testing Changing password for user testing. New UNIX password: BAD PASSWORD: it is WAY too short Retype new UNIX password: No password supplied No password supplied No ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: passwd prompts for new password only once when a short password is entered

  1. passwd prompts for new password only once when a short password is entered

    My computer behaves as follows when a short password is entered:
    # passwd testing
    Changing password for user testing.
    New UNIX password:
    BAD PASSWORD: it is WAY too short
    Retype new UNIX password:
    No password supplied
    No password supplied
    No password supplied
    passwd: Authentication token manipulation error
    You have new mail in /var/spool/mail/root

    My desired behavior is that passwd reprompts three times as follows:
    # passwd testing
    Changing password for user testing
    New UNIX password:
    BAD PASSWORD: it's WAY too short
    New UNIX password:
    BAD PASSWORD: it's WAY too short
    New UNIX password:
    BAD PASSWORD: it's WAY too short
    passwd: Authentication token manipulation error

    Which file should I change?

    My current pam.d/system-auth is:
    # cat pam.d/system-auth
    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth required pam_env.so
    auth sufficient pam_unix.so likeauth nullok
    auth required pam_deny.so

    account required pam_unix.so

    password required pam_cracklib.so retry=3
    password sufficient pam_unix.so use_authtok nullok md5 shadow
    password required pam_deny.so

    session optional pam_keyinit.so revoke
    session required pam_limits.so
    session [success=1 default=ignore] pam_succeed_if.so service in
    crond quiet use_uid
    session required pam_unix.so


  2. Re: passwd prompts for new password only once when a short password is entered

    In news:1190235977.314746.266220@k79g2000hse.googlegr oups.com,
    wong_powah@yahoo.ca wrote:

    > My computer behaves as follows when a short password is entered:


    Your question has already been answered the last time you posed it -- if you
    won't bother reading the replies, then please don't ask.


  3. Re: passwd prompts for new password only once when a short password is entered

    On Sep 19, 6:45 pm, "ynotssor" wrote:
    > Innews:1190235977.314746.266220@k79g2000hse.google groups.com,
    >
    > wong_po...@yahoo.ca wrote:
    > > My computer behaves as follows when a short password is entered:

    >
    > Your question has already been answered the last time you posed it -- if you
    > won't bother reading the replies, then please don't ask.


    I had already read the replies, but still think that a solution is
    possible because out of the five linux (RH 7.2, FC3, FC6) computers I
    had, one RH 7.2 computer had my desired behavior.
    I assumed that /etc/pam.d/system-auth is the file to change (is that
    true?), so I modified the system-auth file on a FC6 computer to look
    the same as the working RH 7.2 computer, reboot the FC6 computer.
    However, the FC6 computer still does not have my desired behavior, so
    I posted the system-auth file here, hoping that someone may tell me
    the solution.


  4. Re: passwd prompts for new password only once when a short password is entered

    In news:1190297200.806362.101060@19g2000hsx.googlegro ups.com,
    wong_powah@yahoo.ca wrote:

    >> Your question has already been answered the last time you posed it
    >> -- if you won't bother reading the replies, then please don't ask.

    >
    > I had already read the replies, but still think that a solution is
    > possible because out of the five linux (RH 7.2, FC3, FC6) computers I
    > had, one RH 7.2 computer had my desired behavior.


    Your desired behavior would be to NOT start a new thread for the same
    question. If you can't understand the answer as being the default root
    characteristic of the passwd command, then please confine your confusion to
    the original thread.


  5. Re: passwd prompts for new password only once when a short password is entered

    wong_powah@yahoo.ca writes:

    >On Sep 19, 6:45 pm, "ynotssor" wrote:
    >> Innews:1190235977.314746.266220@k79g2000hse.google groups.com,
    >>
    >> wong_po...@yahoo.ca wrote:
    >> > My computer behaves as follows when a short password is entered:

    >>
    >> Your question has already been answered the last time you posed it -- if you
    >> won't bother reading the replies, then please don't ask.


    >I had already read the replies, but still think that a solution is
    >possible because out of the five linux (RH 7.2, FC3, FC6) computers I
    >had, one RH 7.2 computer had my desired behavior.
    >I assumed that /etc/pam.d/system-auth is the file to change (is that
    >true?), so I modified the system-auth file on a FC6 computer to look
    >the same as the working RH 7.2 computer, reboot the FC6 computer.
    >However, the FC6 computer still does not have my desired behavior, so
    >I posted the system-auth file here, hoping that someone may tell me
    >the solution.



    Since we have no idea what you want ( you complain but do not explain), it
    is unclear how you can be helped. IF root is entering a password for a
    user, two things happen-- pam does NOT ask for the old password, and pam
    allows the new password to entered even if it does not satisfy the
    criteria, since it assumes that root knows what it is doing. Ie, if as root
    you insist on using the short password for the user, then it is on your
    head. This is exactly what it should do, and noone is going to want to
    change that.
    If it is a user, then the old password is asked for, AND the criteria are
    applied. Ie, the password is rejected and things start again.

    That is how it works. And that is how most people want it to work. If you
    want it to work differently, you have the source code, go to it.



+ Reply to Thread