gnome-about-me password change when using password too simple or pam-cracklib

Bug #151218 reported by Profile Disabled
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
gnome-control-center (Baltix) | New | Undecided | Unassigned |
gnome-control-center (Ubuntu) | Fix Released | Low | Unassigned |

Bug Description

Binary package hint: gnome-control-center

Hello,

There is a bug in the gnome-about-me panel ---> change password when you use pam-cracklib and you try a dictionary-based password (or reverse dictionary).

Probably the applet can't recognize the error code and it can't translate the code into language, so it ends up stalled.

Sorry for my bad English...

If you want more details, ask me.

If you want to replicate the bug you have to do these steps:

#install the pam-cracklib library
sudo apt-get install libpam-cracklib
#edit the common-password configuration
sudo nano /etc/pam.d/common-password

#replace default config with those lines
password required pam_cracklib.so retry=3 minlen=8 dcredit=-1 ucredit=0 $
password sufficient pam_unix.so nullok use_authtok md5 shadow

Open gnome-about-me and try to change the user password to "password" or "lobasko".
You can see the application wait infinitely. No errors are displayed.

Also, if you open a terminal and execute the "passwd" command with "password" you get this error:
BAD PASSWORD: it is based on a dictionary word

If you try with "lobasko" you get this error:
BAD PASSWORD: it is based on a (reversed) dictionary word

I'm glad I could help

Changed in gnome-control-center:
importance: Undecided → Low
Mantas Kriaučiūnas (mantas) wrote : about-me capplet freezes always, when new password is too simple

The about-me capplet freezes not only when using pam_cracklib, but also in the default Ubuntu 7.10 Live CD and after installation. It seems it always freezes when the password is too simple.
It's very simple to reproduce - just go to System->Preferences->About me, click on "Change Password", then click on "Authenticate" and then input only one letter, for example 'a', in new password/retype new password.
Then just click on the "Change Password" button and you will get the about-me capplet frozen forever :(

The importance of this bug should be increased, because users very often use simple passwords. Also the description should be changed.

Lance Russell (lrussell) wrote :

I think this is a dupe of bug #26939, https://bugs.launchpad.net/baltix/+bug/26939
Should be corrected in Hardy . . .

Changed in gnome-control-center:
status: New → Fix Committed
status: Fix Committed → Fix Released
Eivind Eide (mokkurkalve) wrote :

With Gnome in plain Ubuntu 9.04 with no_NB.utf8 locale
(Norwegian bokmaal) this is not fixed.

After installing pam_cracklib, using configuration:

password requisite pam_cracklib.so retry=3 minlen=14 difok=5
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 remember=6

When testing the password "123sex" with passwd in a shell, the feedback is:

SVAKT PASSORD: det er basert på et ord fra en ordbok

(Translated: "WEAK PASSWORD: it's based on a dictionary word")

However, going through the "About me" dialogue in Gnome/Ubuntu
menu, using "Change password", it just hangs indefinitely, until killed...

The feedback from passwd should be shown by the graphical app also, no matter.
I found this problem while setting up an Ubuntu system for a user who is never
going to touch the shell...

Eivind Eide (mokkurkalve) wrote :

A typo in my previous post:
It should be nb_NO.UTF-8 locale, of course... :-S

Mathieu Marquer (slasher-fun) wrote :

Same behavior with fr_FR: if the new password is too close to the old one (according to passwd), the password change window will let you close the window after clicking on the "change password" (or "apply"?) button, but the password has not been changed, and there has been no feedback about that.

Changed in gnome-control-center (Ubuntu):
status: Fix Released → Confirmed
Sebastien Bacher (seb128) wrote :

don't reopen closed bugs

Changed in gnome-control-center (Ubuntu):
status: Confirmed → Fix Released
status: Fix Released → Fix Committed
status: Fix Committed → Confirmed
status: Confirmed → Fix Released
status: Fix Released → Triaged
status: Triaged → Fix Released
status: Fix Released → Confirmed
status: Confirmed → Fix Released
Alexandros Papadopoulos (alexandros-papadopoulos) wrote :

Seems like a duplicate of https://bugs.launchpad.net/bugs/544570

Also, I can confirm the bug in 10.04 i386. Changing the password to something cracklib doesn't like results in a hung GUI, with no "your password is too simple/similar" feedback.
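
Added example (not part of the thread and not gnome-control-center code): a small model of the failure mode the reporters describe, where a front end that only recognises fixed English strings from passwd keeps waiting on any other message, next to a handler that decides from the exit status and relays the text verbatim. The function names, the success marker and the known-prefix list are assumptions made for this sketch; the sample messages are the three quoted in this report.

```python
# Added illustration, not gnome-control-center code. All names are hypothetical.

# Constructed input: the three rejection messages quoted in this report.
REJECTIONS = [
    "BAD PASSWORD: it is based on a dictionary word",
    "BAD PASSWORD: it is based on a (reversed) dictionary word",
    "SVAKT PASSORD: det er basert på et ord fra en ordbok",  # nb_NO.UTF-8
]

# Assumption: the English strings a front end might be hard-coded to expect.
SUCCESS_MARKER = "password updated successfully"
KNOWN_ERROR_PREFIXES = ("BAD PASSWORD",)


def naive_classify(line):
    """String matching only: unknown text means 'keep waiting'."""
    if SUCCESS_MARKER in line:
        return "ok"
    if line.startswith(KNOWN_ERROR_PREFIXES):
        return "error"
    return "wait"  # never resolves for a translated or unexpected message


def robust_classify(lines, exit_status):
    """Decide from the child's exit status and relay its text verbatim.

    lines: output read after the new password was submitted.
    exit_status: 0 on success, non-zero on failure, None if the child is
    still running when the read timeout expires (e.g. it re-prompted).
    """
    if exit_status == 0:
        return ("ok", "")
    text = next((l.strip() for l in lines if l.strip()), "")
    return ("error", text or "Password was not changed.")


def demo():
    """Return (message, naive verdict, robust verdict) per sample."""
    return [(m, naive_classify(m), robust_classify([m], None)[0])
            for m in REJECTIONS]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The Norwegian message is the one that leaves the string-matching version in "wait"; the exit-status version reports an error for all three and shows the user whatever passwd printed, in whatever locale.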
