Bug 144725 - improve check for palindroms in passwords
Summary: improve check for palindroms in passwords
Status: VERIFIED FIXED
Alias: None
Product: openSUSE 10.2
Classification: openSUSE
Component: YaST2 (show other bugs)
Version: Alpha 1
Hardware: Other Other
: P5 - None : Enhancement (vote)
Target Milestone: Alpha 1
Assignee: Jiří Suchomel
QA Contact: Klaus Kämpf
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-01-23 08:08 UTC by Tim Fechtner
Modified: 2006-12-09 15:22 UTC (History)
0 users

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
desired conf file (316 bytes, text/plain)
2006-01-24 21:02 UTC, Tim Fechtner 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tim Fechtner 2006-01-23 08:08:20 UTC 
When the check for complicate passwords (palindrom) is enabled using yast (security options), it is still possible to create users with passwords like "xxxxx" - which shouldn't be possible and which isn't possible using the "passwd"-command on the console.
Comment 1 Martin Lasarsch 2006-01-23 16:04:23 UTC 
but you get a warning or not?
Comment 2 Tim Fechtner 2006-01-23 20:50:02 UTC 
Depends. When I want to use "xxxxx" as password, I get the warning that I'm using only minor letters. But using "XXXXX" as password is accepted without any warning. (And using the passwd command, "XXXXX" is refuesed.)
Comment 3 Michael Gross 2006-01-24 15:35:51 UTC 
The maintainer should decide...
Comment 4 Jiří Suchomel 2006-01-24 17:08:50 UTC 
What do you have in /etc/security/pam_pwcheck.conf?
Did you check both options in security module? For this, you need "Check New Passwords".
Comment 5 Tim Fechtner 2006-01-24 21:01:27 UTC 
I'll attach the .conf file.

No, "Check New Passwords" isn't enabled. However, at least for the "passwd" command these two options works completly independend the one from the other in SUSE 10.0. I don't know what is the desired behavior, but at least "passwd" behaves different to yast user administration, and that's confusing.
Comment 6 Tim Fechtner 2006-01-24 21:02:35 UTC 
Created attachment 64855 [details]
desired conf file
Comment 7 Jiří Suchomel 2006-01-25 07:09:32 UTC 
Enable "Check New Passwords" in Security settings to get requested behaviour - this will start using cracklib library for checking new passwords.

The checks for lower case letters, palindroms etc. is done internaly in yast and could be imporved -> Stano.
Comment 8 Jiří Suchomel 2006-02-01 12:46:41 UTC 
later.
Comment 9 Jiří Suchomel 2006-05-19 14:32:31 UTC 
re
Comment 10 Jiří Suchomel 2006-06-29 11:04:43 UTC 
Fixed in yast2-users-2.13.19 for SL10.2 and SLE10SP1.
Comment 11 Tim Fechtner 2006-12-09 15:21:36 UTC 
Verified in 10.2 final.
Comment 12 Tim Fechtner 2006-12-09 15:22:01 UTC 
Closing.