Cygwin 1.7.30-1 passwd -R <username> broken and displays password
Thomas Fay
faymous@yahoo.com
Fri Jun 6 20:00:00 GMT 2014
This is a followup to the 1.7.30-1 problem that was reported in:
http://cygwin.com/ml/cygwin/2014-06/msg00058.html
I have detailed exact problem and have included screen shots
In Summary, the problem is that a user password, other than the user logged in, cannot be updated using the
passwd -R command
In version 1.7.30-1 the command "passwd -R <username>" fails with the following message:
"Storing password failed: No such file or directory"
The overall goal is to have the following command work successfully
echo -e 'Passw0rd1\nPassw0rd1' | passwd -R <username>
The original issue is related to something that Corinna was working on.
See https://cygwin.com/ml/cygwin/2014-04/msg00449.html
tom
==================================================================
Below are details with screen shots
==================================================================
Below is summary and associated screen output using version 1.7.25
1) Version is 1.7.25
Administrator@TXFCLDW015D /cygdrive/c/cygwin/bin
$ passwd -v
passwd (cygwin) 1.7.25
Password Utility
Copyright (C) 1999 - 2013 Red Hat, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
2) passwd -R command works for current user logged in, in this case user is Administrator.
Notice that the message text "This functionality stores a password in the registry...etc" is displayed
before the user is prompted to enter the passwords. Also notice that the passwords type in are not
displayed.
Administrator@TXFCLDW015D /cygdrive/c/cygwin/bin
$ passwd -R
This functionality stores a password in the registry for usage by services
which need to change the user context and require network access. Typical
applications are interactive remote logons using sshd, cron task, etc.
This password will always tried first when any privileged application is
about to switch the user context.
Note that storing even obfuscated passwords in the registry is not overly
secure. Use this feature only if the machine is adequately locked down.
Don't use this feature if you don't need network access within a remote
session.
You can delete the stored password by specifying an empty password.
Enter your current password:
Re-enter your current password:
3) passwd -R <username> . This command with <username> allows the logged in user to update password for
another user. This works in versions prior to 1.7.30-1.
Example below user tadadmin user: passwd -R tadadmin
Administrator@TXFCLDW015D /cygdrive/c/cygwin/bin
$ passwd -R tadadmin
This functionality stores a password in the registry for usage by services
which need to change the user context and require network access. Typical
applications are interactive remote logons using sshd, cron task, etc.
This password will always tried first when any privileged application is
about to switch the user context.
Note that storing even obfuscated passwords in the registry is not overly
secure. Use this feature only if the machine is adequately locked down.
Don't use this feature if you don't need network access within a remote
session.
You can delete the stored password by specifying an empty password.
Enter tadadmin's current password:
Re-enter tadadmin's current password:
4) As we know, piping in the pasword to the passwd -R command does not work. User stil gets prompted to
enter password. This is what was addressed and sort of resolved in version 1.7.30-1.
Following commands do not work:
echo -e 'Passw0rd1\nPassw0rd1' | passwd -R
echo -e 'Passw0rd1\nPassw0rd1' | passwd -R <username>
Administrator@TXFCLDW015D /cygdrive/c/cygwin/bin
$ echo -e 'Passw0rd1\nPassw0rd1' | passwd -R tadadmin
This functionality stores a password in the registry for usage by services
which need to change the user context and require network access. Typical
applications are interactive remote logons using sshd, cron task, etc.
This password will always tried first when any privileged application is
about to switch the user context.
Note that storing even obfuscated passwords in the registry is not overly
secure. Use this feature only if the machine is adequately locked down.
Don't use this feature if you don't need network access within a remote
session.
You can delete the stored password by specifying an empty password.
Enter tadadmin's current password:
================================================================================
Below is summary and associated screen output using version new version 1.7.30-1
5) Version is 1.7.30
Administrator@TXFCLDW015D /cygdrive/d/cygwin1.7.30
$ ./passwd -v
passwd (cygwin) 1.7.30
Password Utility
Copyright (C) 1999 - 2014 Red Hat, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
6) passwd -R command works for current user logged in, in this case user is Administrator.
Notice that the password typed in is displayed. Password is not displayed in previous versions.
Also notice that the text mesage ("This functionality stores a password ... " ..etc") is displayed
after the user enters password. In previous versions (i.e. 1.7.25), the text message is displayed
before the usser enter passwords.
Administrator@TXFCLDW015D /cygdrive/d/cygwin1.7.30
$ ./passwd -R
Enter your current password: Home1Del
Re-enter your current password: Home1Del
This functionality stores a password in the registry for usage by services
which need to change the user context and require network access. Typical
applications are interactive remote logons using sshd, cron task, etc.
This password will always tried first when any privileged application is
about to switch the user context.
Note that storing even obfuscated passwords in the registry is not overly
secure. Use this feature only if the machine is adequately locked down.
Don't use this feature if you don't need network access within a remote
session.
You can delete the stored password by specifying an empty password.
7) echo -e 'Passw0rd1\nPassw0rd1' | passwd -R . This command works and is the issue addressed in
original problem. :)
Administrator@TXFCLDW015D /cygdrive/d/cygwin1.7.31-1
$ echo -e 'Passw0rd1\nPassw0rd1' | ./passwd -R
Enter your current password:
Re-enter your current password:
This functionality stores a password in the registry for usage by services
which need to change the user context and require network access. Typical
applications are interactive remote logons using sshd, cron task, etc.
This password will always tried first when any privileged application is
about to switch the user context.
Note that storing even obfuscated passwords in the registry is not overly
secure. Use this feature only if the machine is adequately locked down.
Don't use this feature if you don't need network access within a remote
session.
You can delete the stored password by specifying an empty password.
8) passwd -R <username> - This commadn no longer works. It worked in prior versions. When executed, we
see following error:
"Storing password failed: No such file or directory"
As expected, we get same error when piping in password using:
echo -e 'Passw0rd1\nPassw0rd1' | passwd -R <username>
This is what I am looking to get resolved. Would like the ability to update password for a user other
than the user logged in.
Administrator@TXFCLDW015D /cygdrive/d/cygwin1.7.30
$ ./passwd -R tadadmin
Enter tadadmin's current password: password1
Re-enter tadadmin's current password: password1
Storing password failed: No such file or directory
This functionality stores a password in the registry for usage by services
which need to change the user context and require network access. Typical
applications are interactive remote logons using sshd, cron task, etc.
This password will always tried first when any privileged application is
about to switch the user context.
Note that storing even obfuscated passwords in the registry is not overly
secure. Use this feature only if the machine is adequately locked down.
Don't use this feature if you don't need network access within a remote
session.
You can delete the stored password by specifying an empty password.
---------------------------------------------------------------------------------------------------------
Administrator@TXFCLDW015D /cygdrive/d/cygwin1.7.31-1
$ echo -e 'Passw0rd1\nPassw0rd1' | ./passwd -R tadadmin
Enter tadadmin's current password:
Re-enter tadadmin's current password:
Storing password failed: No such file or directory
This functionality stores a password in the registry for usage by services
which need to change the user context and require network access. Typical
applications are interactive remote logons using sshd, cron task, etc.
This password will always tried first when any privileged application is
about to switch the user context.
Note that storing even obfuscated passwords in the registry is not overly
secure. Use this feature only if the machine is adequately locked down.
Don't use this feature if you don't need network access within a remote
session.
You can delete the stored password by specifying an empty password.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list