Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing cracklib-runtime package prevents password from being updated by non-root user #548

Closed
1 of 6 tasks
lenzc-pasco-wa opened this issue Aug 26, 2024 · 2 comments
Closed
1 of 6 tasks

Missing cracklib-runtime package prevents password from being updated by non-root user #548

lenzc-pasco-wa opened this issue Aug 26, 2024 · 2 comments
Assignees
@mmguero
Labels
bug Something isn't working iso relating to the ISO-installed environment for Malcolm and/or Hedgehog regression It worked at one point... security Related to issues with bearing on the security of Malcolm itself
Milestone
v24.08.0

Comments

@lenzc-pasco-wa
Copy link

Describe the bug
A missing password dictionary prevents the user from changing their own password after initial installation.

To Reproduce
Steps to reproduce the behavior:

  1. Install sensor with easy to type/remember password.
  2. Try to reset password from bash with passwd
  3. After meeting the password requirements, receive error about missing cracklib dictionary.

Expected behavior
The user should be able to change the password without needing to escalate to root to bypass the password checking requirements. The documentation states that Malcolm/Hedgehog uses libpam-pwquality instead of libpam-cracklib.

**Screenshots and/or Logs **
If applicable, attach screenshots or container logs (e.g., the relevant bits of ./scripts/logs) to help explain your problem.
image

Malcolm Version:

  • Version 24.07.0

How are you running Malcolm?

Additional context
Add any other context about the problem here.
@lenzc-pasco-wa lenzc-pasco-wa added the bug Something isn't working label Aug 26, 2024
@mmguero mmguero self-assigned this Aug 26, 2024
@mmguero mmguero added the iso relating to the ISO-installed environment for Malcolm and/or Hedgehog label Aug 26, 2024
@mmguero mmguero added this to the v24.08.0 milestone Aug 26, 2024
@mmguero
Copy link
Collaborator

mmguero commented Aug 26, 2024

Thanks

mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Aug 26, 2024
@mmguero
fix bug idaholab#548, missing cracklib-runtime
ee3495f
@mmguero mmguero added regression It worked at one point... security Related to issues with bearing on the security of Malcolm itself labels Aug 26, 2024
@mmguero mmguero changed the title Unable to change local user passwords Missing cracklib-runtime package prevents password from being updated by non-root user Aug 26, 2024
@mmguero mmguero closed this as completed Aug 27, 2024
@mmguero
Copy link
Collaborator

mmguero commented Aug 27, 2024

v24.08.0 should be released today which will rectify this, thanks again.

@mmguero mmguero mentioned this issue Aug 27, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mmguero mmguero

Labels
bug Something isn't working iso relating to the ISO-installed environment for Malcolm and/or Hedgehog regression It worked at one point... security Related to issues with bearing on the security of Malcolm itself
Projects
Malcolm
Status: Released
Milestone
v24.08.0
Development

No branches or pull requests
8 participants
@mmguero @lenzc-pasco-wa and others