[Pkg-cups-devel] Bug#378063: cupsys: lppasswd's password quality check encourages bad passwords

Ambrose Li ambrose.li at cccgt.org
Thu Jul 13 00:32:44 UTC 2006


Package: cupsys
Version: 1.2.1-3
Severity: normal


{root at tea:~}# lppasswd -a root
Enter password: (user types super long and hard to guess password with symbols etc.)
Enter password again: (user repeats the password)
lppasswd: Sorry, password rejected.
Your password must be at least 6 characters long, cannot contain
your username, and must contain at least one letter and number.
{root at tea:~}#

If the user types a really bad password like "xyz123", lppasswd will accept the password.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.28-ow1
Locale: LANG=zh_TW.Big5, LC_CTYPE=zh_TW.Big5 (charmap=BIG5)

Versions of packages cupsys depends on:
ii  adduser                  3.91            Add and remove users and groups
ii  debconf [debconf-2.0]    1.5.2           Debian configuration management sy
ii  gs-esp                   8.15.1.dfsg.1-2 The Ghostscript PostScript interpr
ii  libacl1                  2.2.39-1        Access control list shared library
ii  libc6                    2.3.6-15        GNU C Library: Shared libraries
ii  libcupsimage2            1.2.1-3         Common UNIX Printing System(tm) - 
ii  libcupsys2               1.2.1-3         Common UNIX Printing System(tm) - 
ii  libdbus-1-2              0.62-4          simple interprocess messaging syst
ii  libgnutls13              1.3.5-1.1       the GNU TLS library - runtime libr
ii  libldap2                 2.1.30-13       OpenLDAP libraries
ii  libpam0g                 0.79-3.1        Pluggable Authentication Modules l
ii  libpaper1                1.1.19          Library for handling paper charact
ii  libslp1                  1.2.1-5         OpenSLP libraries
ii  lsb-base                 3.1-10          Linux Standard Base 3.1 init scrip
ii  patch                    2.5.9-4         Apply a diff file to an original
ii  perl-modules             5.8.8-6         Core Perl modules
ii  procps                   1:3.2.7-2       /proc file system utilities
ii  xpdf-utils [poppler-util 3.01-8          Portable Document Format (PDF) sui
ii  zlib1g                   1:1.2.3-12      compression library - runtime

Versions of packages cupsys recommends:
ii  cupsys-client                 1.2.1-3    Common UNIX Printing System(tm) - 
pn  foomatic-filters              <none>     (no description available)
ii  smbclient                     3.0.22-1   a LanManager-like simple client fo

-- debconf information:
  cupsys/raw-print: true
  cupsys/ports: 631
* cupsys/backend: ipp, lpd, parallel, socket, usb
  cupsys/portserror:
  cupsys/browse: true




More information about the Pkg-cups-devel mailing list