[Pkg-ltsp-devel] Bug#482553: ldm: password change doesn't work
John S. Skogtvedt
jss2k2 at getmail.no
Thu Jun 5 09:50:46 UTC 2008
Vagrant Cascadian skrev:
> On Fri, May 23, 2008 at 03:59:18PM +0200, John S. Skogtvedt wrote:
>> When trying to log in as a user with an expired password,
>> I experienced the following problems:
> ...snip...
>> I have attached a patch which should fix these problems.
>
> applied your patch to the version just uploaded to unstable, even though
> there are still likely cases where it will hang. i didn't close the bug
> since there are outstanding issues.
>
> i am curious if this line is a good idea, though:
>
> @@ -256,7 +261,6 @@
>
> seen = expect(fd, 30.0, "updated successfully", NULL);
> if (seen == 1) {
> - bzero(ldminfo.password, sizeof ldminfo.password);
> return 2;
> }
>
> by removing that line, is it leaving the password sitting in memory?
>
> live well,
> vagrant
>
Zeroing the password there means that the user has to enter the password
a third time to be able to log in (and ldm doesn't give proper feedback).
It shouldn't be a problem, because the password is zeroed in main().
More information about the Pkg-ltsp-devel
mailing list