Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: mort1504 on June 07, 2007, 06:30:15 PM

Title: user-password
Post by: mort1504 on June 07, 2007, 06:30:15 PM
I have looked at posts in the contrib and bugzilla about my problem, which is, user-password works only when password strength is set to strong. My customer needs this to work with password strength set to none. Has this been fixed? If so where can I find the fix?
Title: user-password
Post by: bpivk on June 07, 2007, 06:45:35 PM
It hasn't been fixed... yet
Title: user-password
Post by: mmccarn on June 09, 2007, 06:30:14 PM
The problem is in /etc/pam.d/system-auth.

When a user tries to change his/her own password, pam_cracklib is invoked using mostly its default settings.

If you disable pam_cracklib and use only pam_unix instead, then user-password works with the only requirement being that passwords must be at least 6 characters long.

Original SME /etc/pam.d/system-auth
Code:
password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so

/etc/pam.d/system-auth modified to allow any password, 6 character minimum
(comment out pam_cracklib.so, and remove "auth_tok" from pam_unix.so)
Code:
#password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so

Templating the above modifications to /etc/pam.d/system-auth
If this is good enough for you and you're not petrified at the thought of trashing your SME security, you could template this change like this:
Code:
mkdir -p /etc/e-smith/templates-custom/etc/pam.d/system-auth
sed 's/^.*cracklib.*$/\#&/; s/use_authtok //' \
/etc/e-smith/templates/etc/pam.d/system-auth/40password \
> /etc/e-smith/templates-custom/etc/pam.d/system-auth/40password
expand-template /etc/pam.d/system-auth


Restoring the default contents of /etc/pam.d/system-auth
If anything goes wrong or if you simply wish to undo your customizations:
Code:
rm -f /etc/e-smith/templates-custom/etc/pam.d/system-auth/40password
expand-template /etc/pam.d/system-auth


WARNING: I've seen that these changes let me set any password with 6 or more characters from a shell prompt or using user-password.  I have no idea what other implications there are to making these changes.
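
Added example, not part of any post in this thread: a small shell check an administrator could run to see whether a system-auth file still enforces pam_cracklib in its password stack. The function name, the sample helpers and the verdict labels are made up for illustration, and the check assumes pam_cracklib is the only module that prompts for the new password, as in the excerpts quoted above.

```shell
#!/bin/sh
# Added example: audit the "password" stack of a PAM file read from stdin.
# Assumption: pam_cracklib is the only module that prompts for the new password.
# Exit status 0 = cracklib active ahead of pam_unix, 1 = anything else.
audit_password_stack() {
    awk '
        /^[ \t]*#/       { next }          # commented-out lines are inactive
        $1 != "password" { next }          # ignore auth/account/session stacks
        {
            n = split($3, path, "/"); module = path[n]
            if (module == "pam_cracklib.so") cracklib = 1
            if (module == "pam_unix.so") {
                unix = 1
                for (i = 4; i <= NF; i++) {
                    if ($i == "use_authtok") authtok = 1
                    if ($i == "nullok")      nullok = 1
                }
            }
        }
        END {
            if (cracklib && unix) verdict = "enforced"
            else if (authtok)     verdict = "broken"     # pam_unix waits for a token nobody supplies
            else if (unix)        verdict = "unix-only"  # only pam_unix rules apply
            else                  verdict = "no-pam_unix"
            print "cracklib=" (cracklib ? "enabled" : "disabled")
            print "use_authtok=" (authtok ? "yes" : "no")
            print "nullok=" (nullok ? "yes" : "no")
            print "verdict=" verdict
            exit (verdict == "enforced" ? 0 : 1)
        }
    '
}

# Constructed samples: the two password stacks quoted in the thread.
sample_original() { cat <<'EOF'
password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so
EOF
}
sample_modified() { cat <<'EOF'
#password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so
EOF
}

for sample in sample_original sample_modified; do
    echo "== $sample"
    if $sample | audit_password_stack; then echo "-> cracklib enforced"; else echo "-> cracklib NOT enforced"; fi
done
```

On a live system the same function can be fed the expanded file with `audit_password_stack < /etc/pam.d/system-auth`, for example after each `expand-template` run.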