Allow user to set preferred password

Bug #619532 reported by ttk1opc
This bug affects 6 people
Affects | Status | Importance | Assigned to | Milestone
pam (Debian) | Fix Released | Unknown | |
pam (Ubuntu) | Invalid | Wishlist | Unassigned |

Bug Description

When installing Ubuntu, I could, if I chose, use a password that is considered insecure, e.g., 123456; though I am warned, I am allowed. After installing, if I try to change my password to something like 123456, I am told the password is too simple, and I can't change it. It needs to be one or the other; personally, I don't think I should be told I can't change my password to 123456. That isn't very free. Tell me I am an idiot, but don't tell me I can't.

Revision history for this message
Micheal Harker (mh0) wrote :

Thanks for reporting this bug and any supporting documentation. Since this bug has enough information provided for a developer to begin work, I'm going to mark it as confirmed and let them handle it from here. Thanks for taking the time to make Ubuntu better!

Changed in hundredpapercuts:
status: New → Confirmed
Micheal Harker (mh0)
Changed in adduser (Ubuntu):
status: New → Confirmed
Micheal Harker (mh0)
summary: - Password discountinuity
+ Allow user to set preferred password
Vish (vish)
Changed in hundredpapercuts:
importance: Undecided → Low
status: Confirmed → Triaged
Micah Gersten (micahg)
affects: adduser → null
Revision history for this message
Micah Gersten (micahg) wrote :

Moving to pam, marking Triaged since it's upstream to Debian (most likely will be marked won't fix, but we'll see)

affects: adduser (Ubuntu) → pam (Ubuntu)
Changed in pam (Ubuntu):
importance: Undecided → Wishlist
status: Confirmed → Triaged
Revision history for this message
Vish (vish) wrote :

ttk1opc, how are you trying to change the password?
Could you post a screenshot of the problem as well?

Changed in hundredpapercuts:
status: Triaged → Incomplete
Micah Gersten (micahg)
Changed in pam (Ubuntu):
status: Triaged → Incomplete
Revision history for this message
Steve Langasek (vorlon) wrote :

Has already been closed as invalid in Debian. :) Explanation from that closure message:

> If you set your password as root, as is done at install time, you can set
> as weak of a password as you want. If you set it as a normal user, you are
> constrained by the password strength checking requirements that are in
> place. This is not a bug, this is the intended behavior.

> You can disable these strength checks by removing the 'obscure' option to
> pam_unix in /etc/pam.d/common-password.

Ubuntu may wish to allow admin users to set weaker passwords, but that should be implemented at a different level than in the pam package (i.e., handled in the desktop account management tools).

Alternatively, the installer could invoke pam as the target user instead of as root, in order to apply the same strength checks on initial account creation as at later password changes, but that would seem to be contrary to your goal of being allowed to set a weak password.

Changed in pam (Ubuntu):
status: Incomplete → Invalid
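
Added example, not part of the bug thread: a small Python audit that reports whether the `obscure` option mentioned in the closure message is still present on the `password` rule for pam_unix. The sample file contents are constructed, and the function names (`parse_pam_rules`, `obscure_status`, `strength_checks_enabled`) are hypothetical; inline `#` handling is simplified.

```python
import re

# Constructed sample modelled on a Debian/Ubuntu /etc/pam.d/common-password.
SAMPLE_ENABLED = """\
# /etc/pam.d/common-password (constructed sample)
password\t[success=1 default=ignore]\tpam_unix.so obscure sha512
password\trequisite\t\t\tpam_deny.so
password\trequired\t\t\tpam_permit.so
"""
# Same file after an administrator has removed the 'obscure' option.
SAMPLE_DISABLED = SAMPLE_ENABLED.replace(" obscure", "")

# pam.d rule syntax: type  control  module-path  [module-arguments]
# The control field is either one word or a bracketed [value=action ...] list.
_RULE = re.compile(
    r"^(?P<type>-?\w+)\s+"
    r"(?P<control>\[[^\]]*\]|\S+)\s+"
    r"(?P<module>\S+)"
    r"(?:\s+(?P<args>.*))?$"
)

def parse_pam_rules(text):
    """Yield (type, control, module, args) for each rule in a pam.d file."""
    text = text.replace("\\\n", " ")          # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments (simplified)
        if not line or line.startswith("@include"):
            continue
        m = _RULE.match(line)
        if m:
            yield (m["type"].lstrip("-"), m["control"], m["module"],
                   (m["args"] or "").split())

def obscure_status(text):
    """Describe every password-type pam_unix rule and whether it has 'obscure'."""
    return [
        {"control": control, "args": args, "obscure": "obscure" in args}
        for rtype, control, module, args in parse_pam_rules(text)
        if rtype == "password" and module.rsplit("/", 1)[-1] == "pam_unix.so"
    ]

def strength_checks_enabled(text):
    """True only if a pam_unix password rule exists and all such rules keep 'obscure'."""
    found = obscure_status(text)
    return bool(found) and all(f["obscure"] for f in found)
```

On a real system the input would be the contents of /etc/pam.d/common-password; as the thread notes, these checks constrain normal users only, so a password set as root bypasses them regardless of the result.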
Revision history for this message
ttk1opc (ttk1opc) wrote :

Here is the requested screenshot. I am clicking the username in the me menu to change password, but if I go into users and groups the same thing happens.

Revision history for this message
Vish (vish) wrote :

There are far too many ways to run into this bug.
Attaching another screenshot of the same issue from user and groups.

Not being allowed to change the password seems OK, but not being *informed* of alternate ways in which this override can be done seems odd.

Presently it just seems that there is no way a user can set their preferred password.

Revision history for this message
ttk1opc (ttk1opc) wrote :

Oh well, it doesn't affect me, but I just thought it might annoy some users.

Revision history for this message
Lex (lexdave) wrote :

It is pretty annoying as a new user. I remember this issue when I first started using Ubuntu; it would be nice if it could be changed with a sudo prompt similar to enter old password, enter new password, confirm new password. I would think that a sudo action would be able to overcome the password strength check. Or am I just giving sudo too much credit?

Revision history for this message
Steve Langasek (vorlon) wrote : Re: [Bug 619532] Re: Allow user to set preferred password

On Tue, Aug 24, 2010 at 08:10:41PM -0000, Lex wrote:
> It is pretty annoying as a new user. I remember this issue when I first
> started using Ubuntu; it would be nice if it could be changed with a sudo
> prompt similar to enter old password, enter new password, confirm new
> password. I would think that a sudo action would be able to overcome
> the password strength check. Or am I just giving sudo too much credit?

It is possible to do this: 'sudo passwd <username>'.

--
Steve Langasek
Debian Developer, Ubuntu Developer
Give me a lever long enough and a Free OS to set it on, and I can move the world.
http://www.debian.org/
<email address hidden> <email address hidden>

Revision history for this message
Vish (vish) wrote :

Steve Langasek, while I agree that making it easy for a user to set a very simple password is not the optimal solution.
The issue here is the user is not informed of the alternative [using sudo passwd <uname>]. There is no way a user would know about the alternative.

Now we can probably just mention that workaround in the error message.

But a better way would be to direct the user to an FAQ.
Is there an FAQ somewhere about it? We can just add an extra line directing to the FAQ link? Is that possible?

Revision history for this message
Lex (lexdave) wrote :

Just to clarify, 'sudo username <password>' does work? If this is the case, why not make the GUI perform that action with a prompt to enter the old password?

Sending a user to an FAQ seems unnecessary.

Changed in pam (Debian):
status: Unknown → Fix Released
Curtis Hovey (sinzui)
no longer affects: null
Revision history for this message
Islam Wazery (wazery) wrote :

It's now invalid in pam (Ubuntu), so I invalidated it in 100papercuts.

Changed in hundredpapercuts:
status: Incomplete → Invalid
Ahmed Shams (ashams)
Changed in hundredpapercuts:
importance: Low → Wishlist
no longer affects: hundredpapercuts