I can also confirm this on 10.10, with pam-1.1.1:
$ passwd
Changing password for jesstess.
(current) UNIX password: 12345678aa
Enter new UNIX password: 12345678bb
Retype new UNIX password: 12345678bb
Bad: new password must be different than the old one
You'll get this error if the first 8 characters of the old and new
passwords are the same. As mentioned in bug #549915, the diff in debian
/patches-applied/007_modules_pam_unix adds a pam_unix/obscure.c,
including:
+ if ((msg = password_check(old, new, pwdp)) != NULL)
+ return msg;
+
+ /* The traditional crypt() truncates passwords to 8 chars. It is
+ possible to circumvent the above checks by choosing an easy
+ 8-char password and adding some random characters to it...
+ Example: password$%^*123. So check it again, this time
+ truncated to the maximum length. Idea from npasswd. --marekm */
+
+ if (on(UNIX_HASH_MASK,ctrl))
+ return NULL; /* unlimited password length */
+
+ if (oldlen = 8 newlen = 8)
+ return NULL;
+
+ new1 = strndup(new,8);
+ old1 = strndup(old,8);
+
+ msg = password_check(old1, new1, pwdp);
So it re-runs password_check on the first 8 characters of your old and
new passwords, including a check on if they're the same.
I don't know if people would prefer that UNIX_OBSCURE_CHECKS weren't set
by default in Ubuntu, or if the message returned after the second
password_check indicated that it only applied to the first 8 characters,
or some other option.
--
Changing long passwords causes spurious error
https://bugs.launchpad.net/bugs/356766
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
