Ubuntu
ecryptfs-utils package

Comment 38 for bug 272232

Revision history for this message

Nick (nblatter) wrote on 2009-01-17:

#38

I wanted to agree with Ara that this bug IS still a problem on a fully updated Intrepid system. Not much has been installed. This is important to us because it is causing problem with some of our sysadmin scripts that check the exit code of passwd. Here are details - I have tested this on two different machines, one 32-bit and one 64-bit.

# uname -a
Linux hostname 2.6.27-9-generic #1 SMP Thu Nov 20 22:15:32 UTC 2008 x86_64 GNU/Linux

# cat /etc/issue
Ubuntu 8.10 \n \l

# cat /etc/pam.d/common-password
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords. The default is pam_unix.

# Explanation of pam_unix options:
#
# The "sha512" option enables salted SHA512 passwords. Without this option,
# the default is Unix crypt. Prior releases used the option "md5".
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
#
# See the pam_unix manpage for other options.

# As of pam 1.0.1-5, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
password [success=1 default=ignore] pam_unix.so obscure sha512
# here's the fallback if no module succeeds
password requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config

# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

------------

Finally, entering mismatching passwords when prompted yields:

# passwd
Enter new UNIX password:
Retype new UNIX password:
Sorry, passwords do not match
passwd: password updated successfully

# echo $?
0

------------

I appreciate the effort to fix this.

Thanks.

I wanted to agree with Ara that this bug IS still a problem on a fully updated Intrepid system.  Not much has been installed.  This is important to us because it is causing problem with some of our sysadmin scripts that check the exit code of passwd.  Here are details - I have tested this on two different machines, one 32-bit and one 64-bit.

# uname -a
Linux hostname 2.6.27-9-generic #1 SMP Thu Nov 20 22:15:32 UTC 2008 x86_64 GNU/Linux

# cat /etc/issue
Ubuntu 8.10 \n \l

# cat /etc/pam.d/common-password 
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords.  The default is pam_unix.

# Explanation of pam_unix options:
#
# The "sha512" option enables salted SHA512 passwords.  Without this option,
# the default is Unix crypt.  Prior releases used the option "md5".
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
#
# See the pam_unix manpage for other options.

# here are the per-package modules (the "Primary" block)
password	[success=1 default=ignore]	pam_unix.so obscure sha512
# here's the fallback if no module succeeds
password	requisite			pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password	required			pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config

# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

------------

Finally, entering mismatching passwords when prompted yields:

# passwd
Enter new UNIX password: 
Retype new UNIX password: 
Sorry, passwords do not match
passwd: password updated successfully

# echo $?
0

------------

I appreciate the effort to fix this.

Thanks.

Ubuntuecryptfs-utils package

Comment 38 for bug 272232

Ubuntu
ecryptfs-utils package