Bug 48648

Summary: FreeBSD 5/PAM: incorrect handling of space symbols at the end of password
Product: Base System
Reporter: Nick Leuta <skynick>
Component: bin
Assignee: Dag-Erling Smørgrav <des>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 5.0-CURRENT   
Hardware: Any   
OS: Any   

Description Nick Leuta 2003-02-24 22:10:06 UTC
Spaces at the end of the password like "password " are ignored, and only
"password" is in use. This applies only to FreeBSD 5; FreeBSD 4 isn't affected
by this problem. So some accounts may become unusable after migration from 4.x
systems, or if the password is set without the help of PAM-aware tools.

How-To-Repeat:
1. Use the `passwd' command and enter something like "password " after the
'New password:' prompt (without `"', of course :-) ).
2. Now the `login' utility allows logging in with both "password " (with one or more
spaces at the end) and "password" passwords, but the `telnetd' and `ftpd' daemons
honor entered passwords, so only "password" may be used.
Comment 1 Kris Kennaway freebsd_committer freebsd_triage 2003-07-13 07:03:29 UTC
Responsible Changed
From-To: freebsd-bugs->des

Assign to PAM maintainer
Comment 2 Dag-Erling Smørgrav 2003-08-19 12:52:13 UTC
PAM's default conversation function trims whitespace from the end of
the line entered by the user.  I would recommend avoiding spaces in
passwords.

DES
--
Dag-Erling Smørgrav - des@des.no
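The mismatch between the report and comment 2, as an added example (not code from FreeBSD or OpenPAM): a front end that trims trailing whitespace and one that passes the typed line on verbatim disagree about the same password. The function names are hypothetical, `strcmp()` stands in for the crypt(3) hash comparison, and modelling `telnetd`/`ftpd` as removing only the line terminator is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Drop all trailing whitespace: the behaviour comment 2 describes. */
static void trim_trailing_ws(char *s)
{
    size_t n = strlen(s);
    while (n > 0 && isspace((unsigned char)s[n - 1]))
        s[--n] = '\0';
}

/* Drop only the line terminator, keeping spaces the user typed (assumed model). */
static void strip_newline(char *s)
{
    s[strcspn(s, "\r\n")] = '\0';
}

/* Turn one line of input into the secret a front end passes on. */
static void read_secret(char *buf, size_t len, const char *line, int trims)
{
    snprintf(buf, len, "%s", line);
    if (trims)
        trim_trailing_ws(buf);
    else
        strip_newline(buf);
}

/* 1 if a password set through one front end is accepted by another.
 * strcmp() stands in for comparing crypt(3) hashes. */
static int accepted(const char *set_line, int set_trims,
                    const char *try_line, int try_trims)
{
    char stored[128], typed[128];
    read_secret(stored, sizeof stored, set_line, set_trims);
    read_secret(typed, sizeof typed, try_line, try_trims);
    return strcmp(stored, typed) == 0;
}

int main(void)
{
    const char *sp = "password \n", *nosp = "password\n"; /* constructed input */
    printf("set trimmed,  trimming login, \"password \": %d\n", accepted(sp, 1, sp, 1));
    printf("set trimmed,  verbatim login, \"password \": %d\n", accepted(sp, 1, sp, 0));
    printf("set trimmed,  verbatim login, \"password\":  %d\n", accepted(sp, 1, nosp, 0));
    printf("set verbatim, trimming login, \"password \": %d\n", accepted(sp, 0, sp, 1));
    return 0;
}
```

The last case is the migration scenario from the report: a password stored with its trailing space can never match once the login path trims input.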
Comment 3 Nick Leuta 2003-11-27 14:49:09 UTC
Avoiding spaces in passwords may be used as a workaround, but not as a
solution. Such passwords work in FreeBSD 2.x/3.x/4.x, in Linux, in
Windows... And they don't work in FreeBSD 5.

Also, it may be a problem in case of migration from 4.x to 5.x. But if
somebody knows a way to check 300-500 password hashes for spaces at the end
of password...

=======
SkyNick
Comment 4 Dag-Erling Smørgrav freebsd_committer freebsd_triage 2004-01-27 07:11:37 UTC
State Changed
From-To: open->closed

Fixed last December, thanks.