GNOME Bugzilla – Bug 336872
Freeze when trying to change a password and there is not old password
Last modified: 2007-11-10 15:41:06 UTC
Original report: https://launchpad.net/distros/ubuntu/+source/control-center/+bug/26939 I've set password of one user in my system to empty (removed all symbols in /etc/shadow password field) and told him, that he must change password when he will login first time. After few days this user told, that he can't change password, because about-me control center applet freezes forever when I'm trying to change password :( This bug is 100% reproducible: 1. login with some user 2. removed all symbols in /etc/shadow password field for that user 3. Choose System->Settings->"About Me" and then press on "Change Password.." button 4. Don't enter anything in "Old password" field (because password is empty - try to login in console for testing) and enter new password twice. Actual results: About-me control center applet freezes forever when trying to change password Expected tesults: 1. About-me control center applet's "Change Password" dialog should'nt ask for old password if there are no password (password is empty) - "Change Password" dialog shouldn't display field "Old password" or this field should be disabled in this dialog if there are no password (password is empty). Command-line tool for password changing - passwd command does exactly what user expect - it doesn't ask for old password (current password), when password is empty. 2. About-me control center applet should'nt freeze forever when trying to change password :)
This freeze bug still exists in latest (GNOME 2.20) version. Button "Authenticate" works fine when user has empty password, but GNOME password changing utility still gets frozen when you enter new password and press "Change password" button. 4 stable GNOME versions were released since this important password change bug was released - why nobody cares about freeze of GNOME password changing application ? Btw, you can use 'passwd -d username' command instead of removing password from /etc/shadow manually. I also think, that GNOME password changing utility should be able to let user make empty password, like 'passwd -d username' command. It's safer to have empty password from having very simple password, like one character - when you have empty password, then others can't connect to your computer through SSH or remote login service.
I think there are two problems: * not many people care about about-me * the password changing part is a complete mess and the hang you're running into is basically unfixable without completely rewriting how authentication/password handling is done
Created attachment 98458 [details] [review] attempt to properly recognize users with no passwords set Ok, here's an attempt to fix it anyway. Please test extensively (also situations that used to work before), and let me know whether it helps. Works for me, but since it depends heavily on the output of passwd, your results may differ.
If this was such an important problem, you could at least help testing fixes. Anyway, according to other people I pestered to try this, it seems to work, so... 2007-11-10 Jens Granseuer <jensgr@gmx.net> * gnome-about-me-password.c: (authenticated_user), (io_watch_stdout): don't get confused when the user does not have a password set and passwd immediately asks for the new one. This resulted in an endless loop up to now (bug #336872)