X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:subject:to:mime-version
	:content-type; q=dns; s=default; b=uO+dh3K6QB5mipQDfdFONN5kSL62w
	5JbtQcU4c5wpJ0WZohjl6wmZUc0RSUg+dJn62WCgFVFN3A/W150wWVL8bRzE1TQo
	QPS6tKGkAmrivK+daBJyqJ9ChoTyIMS0SG8JJhhT2SUog+m4XVI0gmC/xrHMWw8l
	s7vY+rugzSYheE=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:subject:to:mime-version
	:content-type; s=default; bh=5stK571rRlCPBAStFTQko2zZWlI=; b=Xxy
	PoXH+1L9j9bNJvotBNqFvHgMJWhnGQ6geOnkojLnQX+FmgpSCOQ5AGX7m8/c1Y6O
	4o5tN+BwVan05PNeouYb1IYnpugjv/zvuGTMn/UFDV7AIEpY8wJHY5kvPIYxFaaL
	lqjMt8TOppgTHWl1tjGcUWEWdeNAjgSUjlE5glG8=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=2.3 required=5.0 tests=AWL,BAYES_05,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,RP_MATCHES_RCVD,SPF_PASS autolearn=ham version=3.3.2
X-HELO: nm8-vm0.bullet.mail.ne1.yahoo.com
Message-ID: <1402084839.45208.YahooMailBasic@web120001.mail.ne1.yahoo.com>
Date: Fri, 6 Jun 2014 13:00:39 -0700 (PDT)
From: Thomas Fay <faymous AT yahoo DOT com>
Subject: Cygwin 1.7.30-1 passwd -R <username> broken and displays password
To: cygwin AT cygwin DOT com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii



This is a followup to the 1.7.30-1 problem that was reported in:
  http://cygwin.com/ml/cygwin/2014-06/msg00058.html

I have detailed exact problem and have included screen shots

In Summary, the problem is that a user password, other than the user logged in, cannot be updated using the
passwd -R command 

In version 1.7.30-1 the command "passwd -R <username>" fails with the following message:
"Storing password failed: No such file or directory"


The overall goal is to have the following command work successfully

    echo -e 'Passw0rd1\nPassw0rd1' | passwd -R <username>



The original issue is related to something that Corinna was working on.

See  https://cygwin.com/ml/cygwin/2014-04/msg00449.html


tom

==================================================================

Below are details with screen shots

==================================================================

Below is summary and associated screen output using version 1.7.25

1) Version is 1.7.25


    Administrator AT TXFCLDW015D /cygdrive/c/cygwin/bin
    $ passwd -v
    passwd (cygwin) 1.7.25
    Password Utility
    Copyright (C) 1999 - 2013 Red Hat, Inc.
    This is free software; see the source for copying conditions.  There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.



2) passwd -R command works for current user logged in, in this case user is Administrator.
  Notice that the message text "This functionality stores a password in the registry...etc" is displayed
  before the user is prompted to enter the passwords. Also notice that the passwords type in are not
  displayed.

    Administrator AT TXFCLDW015D /cygdrive/c/cygwin/bin
    $ passwd -R
    This functionality stores a password in the registry for usage by services
    which need to change the user context and require network access.  Typical
    applications are interactive remote logons using sshd, cron task, etc.
    This password will always tried first when any privileged application is
    about to switch the user context.

    Note that storing even obfuscated passwords in the registry is not overly
    secure.  Use this feature only if the machine is adequately locked down.
    Don't use this feature if you don't need network access within a remote
    session.

    You can delete the stored password by specifying an empty password.

    Enter your current password:
    Re-enter your current password:



3) passwd -R <username> . This command with <username> allows the logged in user to update password for
  another user. This works in versions prior to 1.7.30-1.
 
    Example below user tadadmin user:  passwd -R tadadmin


    Administrator AT TXFCLDW015D /cygdrive/c/cygwin/bin
    $ passwd -R tadadmin
    This functionality stores a password in the registry for usage by services
    which need to change the user context and require network access.  Typical
    applications are interactive remote logons using sshd, cron task, etc.
    This password will always tried first when any privileged application is
    about to switch the user context.

    Note that storing even obfuscated passwords in the registry is not overly
    secure.  Use this feature only if the machine is adequately locked down.
    Don't use this feature if you don't need network access within a remote
    session.

    You can delete the stored password by specifying an empty password.

    Enter tadadmin's current password:
    Re-enter tadadmin's current password:




4) As we know, piping in the pasword to the passwd -R command does not work. User stil gets prompted to
  enter password. This is what was addressed and sort of resolved in version 1.7.30-1. 

    Following commands do not work:

      echo -e 'Passw0rd1\nPassw0rd1' | passwd -R 
      echo -e 'Passw0rd1\nPassw0rd1' | passwd -R <username>


    Administrator AT TXFCLDW015D /cygdrive/c/cygwin/bin
    $ echo -e 'Passw0rd1\nPassw0rd1' | passwd -R tadadmin
    This functionality stores a password in the registry for usage by services
    which need to change the user context and require network access.  Typical
    applications are interactive remote logons using sshd, cron task, etc.
    This password will always tried first when any privileged application is
    about to switch the user context.

    Note that storing even obfuscated passwords in the registry is not overly
    secure.  Use this feature only if the machine is adequately locked down.
    Don't use this feature if you don't need network access within a remote
    session.

    You can delete the stored password by specifying an empty password.

    Enter tadadmin's current password:



================================================================================

Below is summary and associated screen output using version new version 1.7.30-1


5) Version is 1.7.30


    Administrator AT TXFCLDW015D /cygdrive/d/cygwin1.7.30
    $ ./passwd -v
    passwd (cygwin) 1.7.30
    Password Utility
    Copyright (C) 1999 - 2014 Red Hat, Inc.
    This is free software; see the source for copying conditions.  There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.


6) passwd -R command works for current user logged in, in this case user is Administrator.
  Notice that the password typed in is displayed. Password is not displayed in previous versions.
  Also notice that the text mesage ("This functionality stores a password ... " ..etc") is displayed
  after the user enters password. In previous versions (i.e. 1.7.25), the text message is displayed
  before the usser enter passwords.

    Administrator AT TXFCLDW015D /cygdrive/d/cygwin1.7.30
    $ ./passwd -R
    Enter your current password: Home1Del

    Re-enter your current password: Home1Del
   
    This functionality stores a password in the registry for usage by services
    which need to change the user context and require network access.  Typical
    applications are interactive remote logons using sshd, cron task, etc.
    This password will always tried first when any privileged application is
    about to switch the user context.

    Note that storing even obfuscated passwords in the registry is not overly
    secure.  Use this feature only if the machine is adequately locked down.
    Don't use this feature if you don't need network access within a remote
    session.

    You can delete the stored password by specifying an empty password.



7) echo -e 'Passw0rd1\nPassw0rd1' | passwd -R  . This command works and is the issue addressed in
  original problem. :)


    Administrator AT TXFCLDW015D /cygdrive/d/cygwin1.7.31-1
    $ echo -e 'Passw0rd1\nPassw0rd1' | ./passwd -R
    Enter your current password:
    Re-enter your current password:
    This functionality stores a password in the registry for usage by services
    which need to change the user context and require network access.  Typical
    applications are interactive remote logons using sshd, cron task, etc.
    This password will always tried first when any privileged application is
    about to switch the user context.

    Note that storing even obfuscated passwords in the registry is not overly
    secure.  Use this feature only if the machine is adequately locked down.
    Don't use this feature if you don't need network access within a remote
    session.

    You can delete the stored password by specifying an empty password.



8) passwd -R <username> - This commadn no longer works. It worked in prior versions.  When executed, we
  see following error:
 
    "Storing password failed: No such file or directory"

  As expected, we get same error when piping in password using:

    echo -e 'Passw0rd1\nPassw0rd1' | passwd -R <username>

  This is what I am looking to get resolved. Would like the ability to update password for a user other
  than the user logged in.


    Administrator AT TXFCLDW015D /cygdrive/d/cygwin1.7.30
    $ ./passwd -R tadadmin
    Enter tadadmin's current password: password1

    Re-enter tadadmin's current password: password1

    Storing password failed: No such file or directory
    This functionality stores a password in the registry for usage by services
    which need to change the user context and require network access.  Typical
    applications are interactive remote logons using sshd, cron task, etc.
    This password will always tried first when any privileged application is
    about to switch the user context.

    Note that storing even obfuscated passwords in the registry is not overly
    secure.  Use this feature only if the machine is adequately locked down.
    Don't use this feature if you don't need network access within a remote
    session.

    You can delete the stored password by specifying an empty password.

    ---------------------------------------------------------------------------------------------------------

  Administrator AT TXFCLDW015D /cygdrive/d/cygwin1.7.31-1
    $ echo -e 'Passw0rd1\nPassw0rd1' | ./passwd -R tadadmin
    Enter tadadmin's current password:
    Re-enter tadadmin's current password:
    Storing password failed: No such file or directory
    This functionality stores a password in the registry for usage by services
    which need to change the user context and require network access.  Typical
    applications are interactive remote logons using sshd, cron task, etc.
    This password will always tried first when any privileged application is
    about to switch the user context.

    Note that storing even obfuscated passwords in the registry is not overly
    secure.  Use this feature only if the machine is adequately locked down.
    Don't use this feature if you don't need network access within a remote
    session.

    You can delete the stored password by specifying an empty password.









--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple