[27398] in Athena Bugs


Re: Debathena: passwd

daemon@ATHENA.MIT.EDU (Evan Broder)
Thu Dec 3 10:11:31 2009

In-Reply-To: <2706d8dd0912030708s339cd767if6ecaa321f885c34@mail.gmail.com>
Date: Thu, 3 Dec 2009 10:11:14 -0500
Message-ID: <2706d8dd0912030711x28f6cd68p28d1ece4dab6f283@mail.gmail.com>
From: Evan Broder <broder@mit.edu>
To: Mitchell E Berger <mitchb@mit.edu>
Cc: bugs@mit.edu, boojum@mit.edu

(Before we actually blame pam_krb5, it would be nice if we could get
verification that this works if pam_krb5 isn't in the passwd stack)

On Thu, Dec 3, 2009 at 10:08 AM, Evan Broder <broder@mit.edu> wrote:
> Interesting. In that case, it seems likely to be a bug in
> pam_auth_krb5. My hunch is to blame this diff hunk from around line
> 250 of api-password.c:
>
>  done:
> +    if (pamret != PAM_SUCCESS) {
> +        if (pamret == PAM_SERVICE_ERR || pamret == PAM_AUTH_ERR)
> +            pamret = PAM_AUTHTOK_ERR;
> +        if (pamret == PAM_AUTHINFO_UNAVAIL)
> +            pamret = PAM_AUTHTOK_ERR;
> +    }
>     EXIT(args, pamret);
>     if (pass != NULL) {
>         memset(pass, 0, strlen(pass));
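
Review bot: the remap added under done: rewrites pamret before EXIT(args, pamret) sees it, so the original code (PAM_SERVICE_ERR, PAM_AUTH_ERR or PAM_AUTHINFO_UNAVAIL) is no longer distinguishable at exit; record the original value before overwriting it. The two inner ifs assign the same PAM_AUTHTOK_ERR and each already implies pamret != PAM_SUCCESS, so a single condition on the three codes would be clearer, and a short comment should say why these three are folded into PAM_AUTHTOK_ERR while every other failure code passes through unchanged.
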
>
> But I don't actually know. Filing an LP bug would probably be more
> productive than me skimming diffs, although I will note that people
> really don't care about Intrepid anymore.
>
> - Evan
>
> On Thu, Dec 3, 2009 at 8:58 AM, Mitchell E Berger <mitchb@mit.edu> wrote:
>> I can, however, reproduce it on another Intrepid machine:
>>
>> zygorthian-space-raiders:~> passwd
>> Current Kerberos password:
>> Enter new Kerberos password:
>> Retype new Kerberos password:
>> Passwords don't match
>> passwd: password updated successfully
>> zygorthian-space-raiders:~>
>>
>> So, it's not Laura's account, and it's not Laura's machine.
>>
>> Mitch
>>
>>> Interesting. I was unable to reproduce this on a Debathena Jaunty machine:
>>>
>>> kid-icarus:~ broder$ passwd
>>> Current Kerberos password:
>>> Enter new Kerberos password:
>>> Retype new Kerberos password:
>>> Passwords don't match
>>> passwd: Authentication token manipulation error
>>> passwd: password unchanged
>>>
>>> Although it looks like dale is running Debathena Intrepid (8.10), the
>>> PAM configuration should be identical between those two versions, so
>>> I'm not sure what the difference there would be.
>>>
>>> - Evan
>>>
>>> On Wed, Dec 2, 2009 at 11:10 AM,  <boojum@mit.edu> wrote:
>>> > System name:            DALE
>>> > Type:                   i686
>>> > Display type:           Intel Corporation 82915G/GV/910GL Integrated Graphics Controller (rev 04)
>>> >
>>> > Shell:                  /bin/athena/tcsh (?)
>>> > Window manager:         unknown
>>> >
>>> > What were you trying to do?
>>> >  Change my password using "passwd"
>>> >
>>> > What's wrong:
>>> >  If I type mismatched passwords, it tells me:
>>> >
>>> > Passwords don't match
>>> > passwd: password updated successfully
>>> >
>>> > (It does not, in fact, update my password).
>>> >
>>> > What should have happened:
>>> >
>>> > It shouldn't say "password updated successfully".
>>> >
>>> >
>>>
>>
>

