[regression] passwd -e locks account
Bug #291091 reported by
Nick Barcet
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Landscape Client |
Invalid
|
Undecided
|
Unassigned | ||
pam (Ubuntu) |
Fix Released
|
High
|
Steve Langasek | ||
Intrepid |
Fix Released
|
High
|
Kees Cook | ||
Jaunty |
Fix Released
|
High
|
Steve Langasek |
Bug Description
On an up to date intrepid desktop or server
- create a user "test"
- sudo passwd -e test
- try to log in as test
--> "you are required to change your password immediately (root enforced)"
"Authentication failure"
then back at the login prompt
I would have expected to be asked for a new password where it seems that the account is locked.
Impact: users that should be able to change their passwords at login time are instead locked out.
Regression potential: none of note
TEST CASE: expire a user account with 'passwd -e'; try to log in; see the above-mentioned error. install the updated package, try to log in again, and get a prompt for changing the password.
Changed in pam: | |
assignee: | nobody → vorlon |
importance: | Undecided → High |
milestone: | none → intrepid-updates |
status: | New → Triaged |
milestone: | intrepid-updates → none |
Changed in pam: | |
assignee: | vorlon → kees |
description: | updated |
Changed in pam: | |
milestone: | none → intrepid-updates |
To post a comment you must log in.
This occurs because of the new entries in /etc/pam. d/common- account:
account [success=1 default=ignore] pam_unix.so
account requisite pam_deny.so
account required pam_permit.so
On Hardy (where this still worked), common-account contained:
account required pam_unix.so