IO ERROR
1996-Dec-06 06:28 UTC
Stupid passwd tricks: User with blank GECOS can''t change passwd
I have discovered that a user who has a blank GECOS field in the passwd file under RedHat 4.0 (Colgate) is unable to change passwords. Running the passwd command goes like this: [user@host user]$ passwd Password: [entry of old passwd] New password: [entry of new passwd] [user@host user]$ echo $! 1 [user@host user]$ Setting the name field in the GECOS seems to solve this problem. [mod: While trying to reproduce this, I found different ways that "passwd" could run into trouble. On MY Red Hat 4.0 system it does "segmentation fault" when I have no GECOS field. My "test" user couldn''t authenticate himself, right after I chaged the passwd to a "known" value while I was root. [root@adder ~]$ passwd test New password: New password (again): Password changed passwd: all authentication tokens updated successfully [root@adder ~]$ su - test [test@adder test]$ passwd Password: Password: Password: passwd: Authentication failure [test@adder test]$ and [wolff@adder ~]$ passwd Password: New password: Segmentation fault [wolff@adder ~]$ -- REW] -- Michael Hampton Crossroads Communications System Administrator error@error.net 318 E Burlington, Iowa City, IA 52240 (319) 354-6614
M Shariful Anam
1996-Dec-08 10:57 UTC
Re: [linux-security] Stupid passwd tricks: User with blank GECOS can''t change passwd
On Fri, 6 Dec 1996, IO ERROR wrote:> I have discovered that a user who has a blank GECOS field in the passwd file > under RedHat 4.0 (Colgate) is unable to change passwords. Running the passwd > command goes like this: >Quite interestingsly, on my slackware 3.1 Linux system, a user with blank GECOS field could not log in! The logs says incorrect login with correct and even no password. But after something was put as GECOS, the user could log in, and then after changing the passwd, it never happened again with blank GECOS (not even changing passwd problem)! --- M Shariful Anam <shuman@kaifnet.com> Kaifnet Services -- Bangladesh