Very Computer

by **Ing. J Gabriel Ruiz Pin** » Wed, 23 Oct 1991 06:12:22

I have a problem with the password expiration scheme on AIX 3.1.5.
When a user password has expired and some body tries to login to that
account, the login program sends a prompt requesting the old password.
But, the problem is that I can type just a <RETURN> and the login
program skips the old password verification, and then asks for a new
one!!!

For example:

csh> login news
3004-609 Your password has expired.
Please choose a new password.
news's Old password: <RETURN>
news's New password: my-new-password
Enter the new password again: my-new-password

Any body knows something about this? Is something wrong with my
configuration?

--

Ing. Sistemas Electronicos
Depto. de Tecnologia Computacional y de Informacion
I.T.E.S.M. Campus Monterrey

by **Esa Kare** » Thu, 24 Oct 1991 15:58:30

This is a know notorious bug. Get a fix from your local IBM support.

Tel. +358-0 513 081

by **bi..** » Fri, 25 Oct 1991 15:31:02

Just experienced the same behaviour here - not too ompressive...
I'll give IBM a call when they open

Bjorn

/////////////////////////////////////\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
But, but, everyone KNOWS that all the answers can be found in manuals!
Don't you still have your copy of "Life: A User's Manual", that came with
your wetware? :)
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\////////////////////////////////////

by **bi..** » Fri, 25 Oct 1991 17:34:42

There is a fix for this, provided that you aer on 2006...
2006 are not distributed unless the customer "experiences problems"
and requests it...
Forgot tha apar number (sorry).

Bjorn

by **Zvika Bar-Dero** » Fri, 25 Oct 1991 11:38:36

Gabriel Ruiz Pinto) says:

Quote:
> I have a problem with the password expiration scheme on AIX 3.1.5.
>When a user password has expired and some body tries to login to that
>account, the login program sends a prompt requesting the old password.
> But, the problem is that I can type just a <RETURN> and the login
>program skips the old password verification, and then asks for a new
>one!!!

> For example:

>csh> login news
>3004-609 Your password has expired.
> Please choose a new password.
>news's Old password: <RETURN>
>news's New password: my-new-password
>Enter the new password again: my-new-password

> Any body knows something about this? Is something wrong with my
>configuration?

This sounds like a HUGE security hole, and unless you have actually
modified the respective programs, it shouldn't matter what you have
configured. My only advice - get your level 1/2 open a PMR asap, and
make them understand how serious this is .. and if they try to tell
you that in the next release the problem's solved, insist on getting
a PTF immediately - the next release is not yet here, and even if it
were you don't have to update the day you get it !

Good luck, and let me/us know what happened with the support center.

>Ing. Sistemas Electronicos
>Depto. de Tecnologia Computacional y de Informacion
>I.T.E.S.M. Campus Monterrey

/Zvika

Zvika Bar-Deroma Phone: (+972)-4-292706
Faculty of Aerospace Engineering, Fax : (+972)-4-231848
Technion
Haifa 32000
Israel

UUCP : ...!uunet!pucc.princeton.edu!technion!aer7101