Solaris 10: XDM (and GDM) and password utilities executed as 'root' do not enforce password strength checks defined in /etc/default/passwd (pam_authtok_check) (Doc ID 1321384.1)

Last updated on MARCH 10, 2017

Applies to:

Solaris Operating System - Version 10 3/05 and later
Information in this document applies to any platform.
***Checked for relevance on 21-Oct-2013***

Symptoms

1) Steps to Reproduce
A user account is created with the password forced to change when the user logs in for the first time (e.g. 'passwd -f <user>').  A password is provided to the user.  The user logs in and uses the password provided, then the user is prompted to change their password.  The user selects enter, and the user is then prompted to confirm their password.  The user selects enter again and the return message is;
Xdm: password successfully changed for <userid>
The system has excepted a blank password!

2) Detailed Problem Statement
The problem appears to be running the password change utility as root which has no password restrictions, and cannot have any restrictions imposed when changing a password.  If the password change utility is run as a user, the restrictions on the password appear to work correctly as happens when the user telnets into the system.  The problem is that if the xdm interface is run with a user id instead of root, the xdm login will not work.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms