|Summary:||passwd checking module returns bad passwd inappropriately.|
|Component:||passwd||Assignee:||Tomas Mraz <tmraz>|
|Status:||CLOSED NOTABUG||QA Contact:||Mike McLean <mikem>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2005-05-19 14:52:02 UTC||Type:||---|
Description akonstam 2005-05-19 14:27:40 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.3) Gecko/20041005

Description of problem:
When entering a passwd to the passwd program, the program returns the message:
BAD PASSWORD: it is based on a dictionary word
For example, with the passwd kgf08p that message is returned. This passwd has all consonants and 2 numbers. What word could it be based on? This has happened to me on other passwds unrelated to words.
lkd45j returns: Bad passwd: is too simple.
fgk08p returns: Bad passwd: based on a (reversed) dictionary word.
It is frustrating. What rules are being used? They seem screwy.

Version-Release number of selected component (if applicable):
passwd-0.69-2

How reproducible:
Always

Steps to Reproduce:
1. passwd
2. Current unix passwd:
3. New passwd: fgk08p

Actual Results:
Bad passwd: based on a (reversed) dictionary word.

Expected Results:
Passwd would be accepted and a request to enter it again

Additional info:
Comment 1 Tomas Mraz 2005-05-19 14:52:02 UTC
The "too simple" is configurable by setting appropriate options to pam_cracklib in /etc/pam.d/system-auth. The dictionary check is done by the cracklib library. Generally it can be said that 6-letter passwords are too short.
Comment 2 akonstam 2005-05-19 16:28:19 UTC
I am not so concerned with a 6-character passwd being too short. My real concern is the claim that it is based on a dictionary word. This is not just one passwd but every passwd I have tried. Now the passwd fgk08p is not based on any word I know, so something is wrong with the algorithm. And it is very annoying if I am trying to explain to 1000 students how to make an acceptable passwd.
Comment 3 Tomas Mraz 2005-05-19 16:43:15 UTC
The dictionary check does character substitutions and so on, so for the password to pass it has to differ in more than x characters from any word in the dictionary. The actual x value is in the cracklib sources, and if it's for example 4, then basically no 6-letter password can pass the check. Feel free to reopen the bug and reassign it to cracklib; however, I don't think the algorithm or the x value will be changed.
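
The length-and-credit rule behind the "is too simple" message that Comment 1 describes as configurable, modelled as an added example (not part of the bug report and not pam_cracklib's source code). It assumes the defaults documented in the pam_cracklib man page (minlen=9, one credit per character class); the names `CreditOptions`, `required_length` and `is_too_simple` are hypothetical, and the cracklib dictionary check is not modelled.

```python
# Added illustration: simplified model of the minlen/credit arithmetic
# documented for pam_cracklib. Not pam_cracklib's source; no dictionary check.
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class CreditOptions:
    # Assumed defaults, taken from the pam_cracklib man page.
    minlen: int = 9
    dcredit: int = 1
    ucredit: int = 1
    lcredit: int = 1
    ocredit: int = 1


def count_classes(password):
    """Count digits, upper-case, lower-case and other characters."""
    counts = {"digit": 0, "upper": 0, "lower": 0, "other": 0}
    for ch in password:
        if ch in string.digits:
            counts["digit"] += 1
        elif ch in string.ascii_uppercase:
            counts["upper"] += 1
        elif ch in string.ascii_lowercase:
            counts["lower"] += 1
        else:
            counts["other"] += 1
    return counts


def required_length(password, opts=CreditOptions()):
    """Length needed after credits, or None if a mandatory class is short."""
    counts = count_classes(password)
    needed = opts.minlen
    for cls, credit in (("digit", opts.dcredit), ("upper", opts.ucredit),
                        ("lower", opts.lcredit), ("other", opts.ocredit)):
        if credit >= 0:
            needed -= min(counts[cls], credit)   # credit lowers the bar
        elif counts[cls] < -credit:
            return None                          # negative credit = minimum count
    return needed


def is_too_simple(password, opts=CreditOptions()):
    needed = required_length(password, opts)
    return needed is None or len(password) < needed


if __name__ == "__main__":
    for pw in ("lkd45j", "lkd45jQ!"):   # first one is from the report
        print(pw, len(pw), required_length(pw), is_too_simple(pw))
```

Under these assumed defaults, the six-character lkd45j from the report earns one digit credit and one lower-case credit, so it still needs seven characters.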