From owner-freebsd-bugs Mon Feb 24 14:10:10 2003 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ABEA537B401 for ; Mon, 24 Feb 2003 14:10:07 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id B35B143FBF for ; Mon, 24 Feb 2003 14:10:06 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id h1OMA6NS048672 for ; Mon, 24 Feb 2003 14:10:06 -0800 (PST) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id h1OMA6eU048671; Mon, 24 Feb 2003 14:10:06 -0800 (PST) Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F080A37B401 for ; Mon, 24 Feb 2003 14:08:07 -0800 (PST) Received: from falcon.lipetsk.ru (falcon.lipetsk.ru [195.34.224.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id DDFD943F85 for ; Mon, 24 Feb 2003 14:08:05 -0800 (PST) (envelope-from skynick@stu.lipetsk.ru) Received: from lstu by falcon.lipetsk.ru with UUCP id ; Tue, 25 Feb 2003 01:07:49 +0300 Received: from chuck2.lstu (chuck2.lstu [192.168.15.7]) by maverick.stu.int (8.9.3/8.8.5) with ESMTP id AAA79363 for Tue, 25 Feb 2003 00:56:57 +0300 (MSK) Received: by chuck2.lstu (Postfix, from userid 1000) id 4DDB149EA3; Tue, 25 Feb 2003 00:56:55 +0300 (MSK) Message-Id: <20030224215655.4DDB149EA3@chuck2.lstu> Date: Tue, 25 Feb 2003 00:56:55 +0300 (MSK) From: Nick Leuta Reply-To: Nick Leuta To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: bin/48648: FreeBSD 5/PAM: incorrect handling of space symbols at the end of password Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 48648 >Category: bin >Synopsis: FreeBSD 5/PAM: incorrect handling of space symbols at the end of password >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Feb 24 14:10:06 PST 2003 >Closed-Date: >Last-Modified: >Originator: Nick Leuta >Release: FreeBSD 5.0-CURRENT i386 >Organization: Lipetsk State Technical University >Environment: System: FreeBSD skynick.stu.lipetsk.ru 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Mon Feb 24 12:54:10 MSK 2003 root@skynick.stu.lipetsk.ru:/usr/src/sys/i386/compile/GENERIC i386 >Description: Spaces at the end of the password like "password " are ignored, and only "password" is in use. It's actual only for FreeBSD 5, FreeBSD 4 isn't affected by this problem. So some accounts may become unusable after migration from 4.x systems, or if the password will be set without help of PAM-aware tools. >How-To-Repeat: 1. Use `passwd' command and enter something like "password " after 'New password:' prompt (without `"', of course :-) ). 2. Now `login' utility allows to login with both "password " (with one or more spaces at the end) and "password" passwords, but `telnetd' and `ftpd' daemons honor entered passwords, so only "password" may be used. >Fix: >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message