[Bug 2059049] Re: adduser allows no password when PAM's pwquality is restrictively set

Hans Joachim Desserud 2059049 at bugs.launchpad.net
Wed Mar 27 08:17:00 UTC 2024 

*** This bug is a duplicate of bug 2059048 ***
    https://bugs.launchpad.net/bugs/2059048

** This bug has been marked a duplicate of bug 2059048
   adduser allows no password when PAM's pwquality is restrictively set

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/2059049

Title:
  adduser allows no password when PAM's pwquality is restrictively set

Status in adduser package in Ubuntu:
  New

Bug description:
  If pam_pwqaulity is restrictively set a user can still be created by
  adduser without a password.

  e.g.,
  ```
  eslerm at mino:~$ cat /etc/pam.d/common-password |grep pwquality
  password requisite pam_pwquality.so retry=3 minlen=8 maxrepeat=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1 difok=3 gecoscheck=1 reject_username enforce_for_root

  eslerm at mino:~$ sudo adduser bar
  info: Adding user `bar' ...
  info: Selecting UID/GID from range 1000 to 59999 ...
  info: Adding new group `bar' (1002) ...
  info: Adding new user `bar' (1002) with group `bar (1002)' ...
  info: Creating home directory `/home/bar' ...
  info: Copying files from `/etc/skel' ...
  New password:
  BAD PASSWORD: The password contains less than 1 digits
  New password:
  BAD PASSWORD: The password contains less than 1 digits
  New password:
  BAD PASSWORD: The password contains less than 1 digits
  passwd: Have exhausted maximum number of retries for service
  passwd: password unchanged
  Try again? [y/N] N
  Changing the user information for bar
  Enter the new value, or press ENTER for the default
      Full Name []:
      Room Number []:
      Work Phone []:
      Home Phone []:
      Other []:
  Is the information correct? [Y/n]
  info: Adding new user `bar' to supplemental / extra groups `users' ...
  info: Adding user `bar' to group `users' ...

  eslerm at mino:~$ sudo cat /etc/shadow|grep bar
  bar:!:19802:0:99999:7:::
  ```

  This was raised as an issue to the Security team. Foundations
  suggested to file a bug. This is possibly only a feature request. If
  this behavior is unexpected by the maintainers, it is likely a
  security issue. I am leaning towards this being a feature request and
  not marking the bug for Public/Private Security.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/2059049/+subscriptions

More information about the foundations-bugs mailing list