You have been subscribed to a public bug:

When pam_pwhistory is in use non-root users are unable to change their
passwords. In fact, they are able to change it but the system spits out
an error even though the password was indeed changed.

Reproducer:
-----------

1. created an Ubuntu/Focal VM
2. added a user 'test'

sudo adduser test # used passwd '123'
su test

3. changed the password using 'passwd' logged in as the user 'test'

passwd test # used passwd '1qaz2wsx'

4. logged out from 'test' and executed

echo 'password required pam_pwhistory.so remember=5' | sudo tee -a /etc/pam.d/common-password

5. tried again to follow step 3 as user 'test' but the following
happens:

passwd test # used passwd '3edc4rfv' (1)
Changing password for test.
Current password:
New password:
Retype new password:
Password has been already used. Choose another.
passwd: Have exhausted maximum number of retries for service
passwd: password unchanged

However, I'm now able to log in as 'test' using the password in
(1) (the one that was supposedly not set up due to having been
already used) instead of the old one (the one that should be in
place since the change process returned an error).

6. if I comment out 'password required pam_pwhistory.so remember=5'
then I can log in as 'test' and change the password without issues

This behavior has been verified with the below package versioning:

ii  libpam-cap:amd64      1:2.32-1            amd64  POSIX 1003.1e capabilities (PAM module)
ii  libpam-modules:amd64  1.3.1-5ubuntu4.3    amd64  Pluggable Authentication Modules for PAM
ii  libpam-modules-bin    1.3.1-5ubuntu4.3    amd64  Pluggable Authentication Modules for PAM - helper binaries
ii  libpam-runtime        1.3.1-5ubuntu4.3    all    Runtime support for the PAM library
ii  libpam-systemd:amd64  245.4-4ubuntu3.15   amd64  system and service manager - PAM module
ii  libpam0g:amd64        1.3.1-5ubuntu4.3    amd64  Pluggable Authentication Modules library

** Affects: pam (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Non-root user unable to change own password if pam_pwhistory is used
https://bugs.launchpad.net/bugs/1989731
You received this bug notification because you are a member of Ubuntu Touch 
seeded packages, which is subscribed to pam in Ubuntu.
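
An added example, not part of the bug report or of PAM: a small checker that reports where pam_pwhistory.so sits relative to pam_unix.so in a password stack, since step 4 appends it at the end of the file while the example in pam_pwhistory(8) lists it before pam_unix.so with use_authtok. The report itself does not state a root cause; both file contents below are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample (not copied from a real system): a password stack with
# the pam_pwhistory line appended last, as in step 4 of the report.
APPENDED = """\
# constructed stand-in for /etc/pam.d/common-password
password  [success=1 default=ignore]  pam_unix.so obscure sha512
password  requisite                   pam_deny.so
password  required                    pam_permit.so
password required pam_pwhistory.so remember=5
"""

# Constructed sample following the ordering in the pam_pwhistory(8) example.
REORDERED = """\
password  required                    pam_pwhistory.so remember=5
password  [success=1 default=ignore]  pam_unix.so obscure use_authtok sha512
password  requisite                   pam_deny.so
password  required                    pam_permit.so
"""

ENTRY = re.compile(r"-?password\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def password_stack(text):
    """Return (lineno, control, module, args) for each 'password' entry, in file order."""
    stack = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = ENTRY.match(raw.split("#", 1)[0].strip())  # drop comments first
        if m:
            module = m.group(2).rsplit("/", 1)[-1]  # tolerate absolute module paths
            stack.append((lineno, m.group(1), module, m.group(3).split()))
    return stack

def pwhistory_findings(text):
    """Report pam_pwhistory entries listed after pam_unix, and a pam_unix
    that follows pam_pwhistory without use_authtok."""
    stack = password_stack(text)
    unix = next((e for e in stack if e[2] == "pam_unix.so"), None)
    hist = [e for e in stack if e[2] == "pam_pwhistory.so"]
    findings = []
    if unix is None:
        return findings
    for lineno, _, _, _ in hist:
        if lineno > unix[0]:
            findings.append(f"line {lineno}: pam_pwhistory.so listed after pam_unix.so (line {unix[0]})")
    if any(h[0] < unix[0] for h in hist) and "use_authtok" not in unix[3]:
        findings.append(f"line {unix[0]}: pam_unix.so follows pam_pwhistory.so without use_authtok")
    return findings

if __name__ == "__main__":
    for name, text in (("appended", APPENDED), ("reordered", REORDERED)):
        print(name, pwhistory_findings(text) or "no findings")
```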
