gnome-about-me password change when using password too simple or pam-cracklib
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnome-control-center (Baltix) |
New
|
Undecided
|
Unassigned | ||
gnome-control-center (Ubuntu) |
Fix Released
|
Low
|
Unassigned |
Bug Description
Binary package hint: gnome-control-
Hello,
there is a bug in gnome-about-me panel ---> change password when you use pam-cracklib and you try with a dictionary-based password. (or reverse dictionary)
probably the applet can't recognize the error code and it can't translate the code in language, it result stalled.
Sorry for my bad english...
If you want more details ask me.
Il you want replicate the bug you have to do this step:
#install the pam-cracklib library
sudo apt-get install libpam-cracklib
#edit the common-password configuration
sudo nano /etc/pam.
#replace default config with those lines
password required pam_cracklib.so retry=3 minlen=8 dcredit=-1 ucredit=0 $
password sufficient pam_unix.so nullok use_authtok md5 shadow
open gnome-about-me and try to change user password with "password" or "lobasko"
you can see the aplication infinite wait. no errors displayed.
also if you open a terminal and execute "passwd" command with "password" you get this error:
BAD PASSWORD: it is based on a dictionary word
if you try with "lobasko" you get this error
BAD PASSWORD: it is based on a (reversed) dictionary word
I'm Glad i could help
Changed in gnome-control-center: | |
importance: | Undecided → Low |
about-me capplet freezes not only, when using pam_cracklib, but also in default Ubuntu 7.10 Live CD and after installation. It seems it freezes always, when password is too simple. >Preferences- >About me, click on "Change Password", then click on "Authenticate" and ten input only one letter, for example 'a' in new password/retype new password.
It's very simple to reproduce - just go to System-
Then just click on "Change Password" button and you will get about-me capplet frozen forever :(
Importance of this bug should be increased, because users very often uses simple passwords. Also description should be changed.