[27397] in Athena Bugs
Re: Debathena: passwd
daemon@ATHENA.MIT.EDU (Mitchell E Berger)
Thu Dec 3 10:10:58 2009
Message-Id: <200912031510.nB3FAc5u008853@byte-me.mit.edu>
To: Evan Broder <broder@mit.edu>
In-Reply-To: Your message of "Thu, 03 Dec 2009 10:08:04 EST."
<2706d8dd0912030708s339cd767if6ecaa321f885c34@mail.gmail.com>
Date: Thu, 03 Dec 2009 10:10:38 -0500
From: Mitchell E Berger <mitchb@mit.edu>
X-Spam-Flag: NO
X-Spam-Score: 0.00
Cc: bugs@mit.edu, boojum@mit.edu
Errors-To: bugs-bounces@mit.edu
I kind of agree that if it's Intrepid-only, there's precious little
reason someone would still want to be running it, and it's not
really high on a list of things to worry about.
I've mostly not upgraded zsr just so that we are still running *some*
Intrepid machine to be able to reproduce and debug problems that turn
out to be specific to it. I'm glad this wasn't just misguided. 8-)
Mitch
> Interesting. In that case, it seems likely to be a bug in
> pam_auth_krb5. My hunch is to blame this diff hunk from around line
> 250 of api-password.c:
>
> done:
> + if (pamret !=3D PAM_SUCCESS) {
> + if (pamret =3D=3D PAM_SERVICE_ERR || pamret =3D=3D PAM_AUTH_ERR)
> + pamret =3D PAM_AUTHTOK_ERR;
> + if (pamret =3D=3D PAM_AUTHINFO_UNAVAIL)
> + pamret =3D PAM_AUTHTOK_ERR;
> + }
> EXIT(args, pamret);
> if (pass !=3D NULL) {
> memset(pass, 0, strlen(pass));
>
> But I don't actually know. Filing an LP bug would probably be more
> productive than me skimming diffs, although I will note that people
> really don't care about Intrepid anymore.
>
> - Evan
>
> On Thu, Dec 3, 2009 at 8:58 AM, Mitchell E Berger <mitchb@mit.edu> wrote:
> > I can, however, reproduce it on another Intrepid machine:
> >
> > zygorthian-space-raiders:~> passwd
> > Current Kerberos password:
> > Enter new Kerberos password:
> > Retype new Kerberos password:
> > Passwords don't match
> > passwd: password updated successfully
> > zygorthian-space-raiders:~>
> >
> > So, it's not Laura's account, and it's not Laura's machine.
> >
> > Mitch
> >
> >> Interesting. I was unable to reproduce this on a Debathena Jaunty machin=
> e:
> >>
> >> kid-icarus:~ broder$ passwd
> >> Current Kerberos password:
> >> Enter new Kerberos password:
> >> Retype new Kerberos password:
> >> Passwords don't match
> >> passwd: Authentication token manipulation error
> >> passwd: password unchanged
> >>
> >> Although it looks like dale is running Debathena Intrepid (8.10), the
> >> PAM configuration should be identical between those two versions, so
> >> I'm not sure what the difference there would be.
> >>
> >> - Evan
> >>
> >> On Wed, Dec 2, 2009 at 11:10 AM, =A0<boojum@mit.edu> wrote:
> >> > System name: =A0 =A0 =A0 =A0 =A0 =A0DALE
> >> > Type: =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 i686
> >> > Display type: =A0 =A0 =A0 =A0 =A0 Intel Corporation 82915G/GV/910GL In=
> tegrated Graphics Co
> >> ntroller (rev 04)
> >> >
> >> > Shell: =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0/bin/athena/tcsh (?)
> >> > Window manager: =A0 =A0 =A0 =A0 unknown
> >> >
> >> > What were you trying to do?
> >> > =A0Change my password using "passwd"
> >> >
> >> > What's wrong:
> >> > =A0If I type mismatched passwords, it tells me:
> >> >
> >> > Passwords don't match
> >> > passwd: password updated successfully
> >> >
> >> > (It does not, in fact, update my password).
> >> >
> >> > What should have happened:
> >> >
> >> > It shouldn't say "password updated successfully".
> >> >
> >> >
> >>
> >