XDM/GDM Password Utilities Executed as 'root' Do Not Enforce Password Strength Checks in /etc/default/passwd (pam_authtok_check)
(Doc ID 1321384.1)
Last updated on MARCH 06, 2018
Applies to: Solaris Operating System - Version 10 3/05 to 10 9/10 U9 [Release 10.0]
Information in this document applies to any platform.
***Checked for relevance on 21-Oct-2013***
1) Steps to Reproduce
A user account is created with the password forced to change when the user logs in for the first time (e.g. 'passwd -f <user>'). A password is provided to the user. The user logs in with the password provided and is then prompted to change their password. The user presses Enter and is prompted to confirm the password. The user presses Enter again and the returned message is:
Xdm: password successfully changed for <userid>
The system has accepted a blank password!
2) Detailed Problem Statement
The problem appears to be that the password change utility runs as root, which has no password restrictions and cannot have any restrictions imposed when changing a password. If the password change utility is run as a user, the password restrictions appear to work correctly, as happens when the user telnets into the system. However, if the xdm interface is run with a user ID instead of root, the xdm login will not work.
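Added example, not part of the Oracle note: a small audit that reads shadow(4)-format lines and reports accounts left with an empty password field, plus accounts still waiting on a forced change. The function names and sample data are constructed for illustration, and treating lastchg=0 as the marker left by 'passwd -f' is an assumption.

```shell
#!/bin/sh
# Added example: audit shadow(4)-format data for the outcome described above.
# Field layout assumed: name:password:lastchg:min:max:warn:inactive:expire:flag

# Read shadow-format lines on stdin and print one finding per line:
#   EMPTY <user>    password field is empty (a blank password was stored)
#   PENDING <user>  lastchg is 0 (assumed marker for a forced change at next
#                   login, so the next change may go through the root-run path)
audit_shadow() {
    awk -F: '
        NF < 3    { next }               # skip blank or malformed lines
        $2 == ""  { print "EMPTY " $1 }
        $3 == "0" { print "PENDING " $1 }
    '
}

# Constructed sample data, not taken from any real system.
sample_shadow() {
    cat <<'EOF'
root:CONSTRUCTEDHASH1:15000::::::
alice::15300::::::
bob:CONSTRUCTEDHASH2:0::::::
carol::0::::::
daemon:NP:6445::::::
EOF
}

# Demo on the sample; on a live host run as root: audit_shadow < /etc/shadow
sample_shadow | audit_shadow
```

An EMPTY finding on a host that configures password strength checks in /etc/default/passwd indicates the checks were not applied when that password was set.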