Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 87455

Summary: pam_unix remember= parameter produces errors
Product: [Retired] Red Hat Linux Reporter: Adam Wiggins <adam>
Component: pamAssignee: Jindrich Novy <jnovy>
Status: CLOSED DUPLICATE QA Contact: Jay Turner <jturner>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.0CC: pknirsch, srevivo
Target Milestone: ---   
Target Release: ---   
Hardware: athlon   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-21 18:52:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Adam Wiggins 2003-03-27 01:15:00 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021207
Phoenix/0.5

Description of problem:
Trying to use the remember= parameter of the pam_unix.so module to store past
passwords in /etc/opasswd produces the following.  I modified
/etc/pam.d/system-auth to contain:

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5
shadow remember=3
password    required      /lib/security/pam_deny.so

Then when any user tries to change their password...

[test@ash test]$ passwd
Changing password for user test.
Changing password for test
(current) UNIX password:
New password:
Retype new password:
Password has been already used. Choose another.
Password has been already used. Choose another.
Password has been already used. Choose another.
passwd: Authentication token manipulation error
[test@ash test]$

I am quite certain that the password I am using has not been used before.  Plus,
there is /etc/opasswd!


Version-Release number of selected component (if applicable):
pam-0.75-46.8.0

How reproducible:
Always

Steps to Reproduce:
1. append remember=3 to line 11 of /etc/pam.d/system-auth
2. try to change a user's password with passwd


Additional info:

Comment 1 Need Real Name 2003-05-24 16:36:14 UTC
The fix is to touch /etc/security/opasswd.  This should probably be done by the
install process, doncha' think?

Comment 2 Jindrich Novy 2004-09-21 08:39:05 UTC

*** This bug has been marked as a duplicate of 127524 ***

Comment 3 Red Hat Bugzilla 2006-02-21 18:52:22 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.