I can also confirm this on 10.10, with pam-1.1.1:

$ passwd
Changing password for jesstess.
(current) UNIX password: <12345678aa>
Enter new UNIX password: <12345678bb>
Retype new UNIX password: <12345678bb>
Bad: new password must be different than the old one

You'll get this error if the first 8 characters of the old and new passwords are the same. As mentioned in bug #549915, the diff in debian/patches-applied/007_modules_pam_unix adds a pam_unix/obscure.c, including:

+ if ((msg = password_check(old, new, pwdp)) != NULL) + return msg; + + /* The traditional crypt() truncates passwords to 8 chars. It is + possible to circumvent the above checks by choosing an easy + 8-char password and adding some random characters to it... + Example: "password$%^&*123". So check it again, this time + truncated to the maximum length. Idea from npasswd. --marekm */ + + if (on(UNIX_HASH_MASK,ctrl)) + return NULL; /* unlimited password length */ + + if (oldlen <= 8 && newlen <= 8) + return NULL; + + new1 = strndup(new,8); + old1 = strndup(old,8); + + msg = password_check(old1, new1, pwdp);

So it re-runs password_check on the first 8 characters of your old and new passwords, including a check on whether they're the same.

I don't know if people would prefer that UNIX_OBSCURE_CHECKS weren't set by default in Ubuntu, or if the message returned after the second password_check indicated that it only applied to the first 8 characters, or some other option.

--
Changing long passwords causes spurious error
https://bugs.launchpad.net/bugs/356766
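
Review bot: in the quoted obscure.c hunk, the second pass "msg = password_check(old1, new1, pwdp);" reuses the same checker on the truncated copies, so a new password that differs from the old one only after character 8 is reported with the same "must be different" message as the full-length check, which is what the passwd session above shows. Suggest giving the truncated pass its own message that says only the first 8 characters are being compared. Separately, the results of "new1 = strndup(new,8);" and "old1 = strndup(old,8);" are passed to password_check with no NULL test in the lines shown; check both allocations before use. The literal 8 appears three times in the hunk and would be easier to audit as a single named constant tied to the crypt() limit the comment describes.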