[lsb-discuss] Bug in lsb-runtime IA32 3.1.0-6 LSB.pam/testcases/pam_chauthtok .1, 2, 8 (chauthtok)

mdittmar at linux-ag.de mdittmar at linux-ag.de
Fri Jun 16 05:47:55 PDT 2006 

<---------------part A------------------->
Submitters Name: Martin Dittmar

Email: mdittmar at linux-ag.de

Organization Name: 
Linux Information Systems AG


Computer Type/Model/Operating System: 
i686, amd, debian sarge


<---------------part B------------------->

Test Suite/Version: 
lsb-runtime IA32 3.1.0-6

Test ID: LSB.pam/testcases/pam_chauthtok .1,2,8

Problem Synopsis: PASS_MIN_DAYS  !=  0 in /etc/login.defs leads to failing tests

Proposed Reason Code: 1
(1=Fault in Test Suite, 
2=Problem in the Specification, 
3=Minor fault on system under test)

Error Description: 
On the the tested system the file "/etc/login.defs" has set "PASS_MIN_DAYS 7".

That's why when the vsxgen users are created, the entry in /etc/shadow is created as follows:

vsx0:bC5DIOJ4AdVVs:13315:7:45:7:::

That means the password can be changed only once in 7 days by the user.
That leads to a "Fail" of the described tests (See report below)

In LSB there is no default value "PASS_MIN_DAYS 0" specifified, so the test should make sure it is set to 0 - either before or as a part of the test (e.g. by using the C interfaces like the passwd program)

At least there should be a note, that the test will fail with such a system configuration.


************************************************************************
        /tset/LSB.pam/testcases/pam_chauthtok/pam_chauthtok 1   Failed

                Test Information:
        Sending password test
         pam_chauthtok returned Authentication token manipulation error when
                expected to succeed
        ************************************************************************
        ************************************************************************
        /tset/LSB.pam/testcases/pam_chauthtok/pam_chauthtok 2   Failed

                Test Information:
        Sending password test
         pam_chauthtok failed with correct password and
         PAM_DISALLOW_NULL_AUTHTOK when expected to succeed.
         It returned Authentication token manipulation error
        ************************************************************************
        ************************************************************************
        /tset/LSB.pam/testcases/pam_chauthtok/pam_chauthtok 8   Failed
                Test Information:
        Sending password test
         pam_chauthtok returned Authentication token manipulation error
         It was expected to return PAM_AUTHTOK_LOCK_BUS
        ***********************************************************************


Solution: 
the /etc/shadow entry for vsx0 could be reviewed and, if needed, corrected before running the tests.
It would be possible to use a C interface like the passwd program for this (http://cvs.pld.org.pl/shadow/src, http://cvs.pld.org.pl/shadow/lib)

Another possibility would be to do this as part of the pre/postinst script of the rpm.

More information about the lsb-discuss mailing list