#3210 Default password expiration set incorrectly on AIX

1.350
closed-fixed
5
2008-10-20
2008-10-15
Dave
No

On AIX 5.3 (and probably other versions) the "Edit User" page changes the password expiry to the system default for users who have no password expiry.

This is annoying because Webmin administrators can accidentally add password expiries to service accounts simply by making any other change to the user account and saving the page.

The "Edit User" page does not display a field if it is null or 0. (This seems to be normal behaviour on all Webmin systems I've used.)

On AIX, password expiry is an integer in a value of weeks. The field "maxage" is used. A maxage of 0 represents no password expiry.

I believe the issue is to do with the way the AIX 'chuser' command behaves. It occurs because webmin passes an option to the command without a value if the value was previously '0'.

If you execute:
# chuser maxage=26 fred
The 'fred' account has a 26 week password expiry set.

However:
# chuser maxage= fred
Sets the 'fred' account to have a system default password expiry. (This overrides whatever maximum age 'fred' had previously.)

I believe the issue occurs in webmin/useradmin/save_user.cgi. It is specifically in user-lib.pl.

Although I believe I've identified the issue, I'm no Perl coder. (I can barely read it in fact!) I would love it if somebody could fix this please.

I believe the solution could be to ensure that 'maxage' ('max' variable in user-lib.pl) is set to 0 if it was 0 when the edit_user.cgi page was loaded.

Thank you!

Discussion

  • Jamie Cameron

    Jamie Cameron - 2008-10-15
    • status: open --> closed-fixed
     
  • Jamie Cameron

    Jamie Cameron - 2008-10-15

    Thanks for pointing this out - the cause is that Webmin doesn't differentiate between 0 and no valid set for the maxage and other AIX-specific parameters, which is wrong. I will fix this in the next release, and have attached a fixed version of the Users and Groups module to this bug report. If you could try it out, I would be grateful, as I don't have an AIX box to test on (the original Webmin code for AIX was contributed by another user).

    File Added: useradmin.wbm.gz

     
  • Jamie Cameron

    Jamie Cameron - 2008-10-15

    Fixed Users and Groups module

     
  • Dave

    Dave - 2008-10-16

    Thank you for the very fast response Jamie!

    I'm afraid I have had a few issues with the module you provided.

    * One is GUI related. It could be because I have loaded your module in to an older version that we're running (version 1.350). Please see the attached png images where I have indicated blank buttons with a red oval.

    * In relation to the above point, when I try to use the empty field at the bottom of the page I am able to select a group using the "..." button. However, as soon as I click the button to the left of the column the following error occurs:

    Error - Perl execution failed
    Undefined subroutine &main::ui_columns_table called at /opt/webmin/useradmin/list_logins.cgi line 41.

    * The other issue concerns me more is when trying to select a user on the page itself. When I do so this error occurs:

    Error - Perl execution failed
    Undefined subroutine &main::ui_filebox called at /opt/webmin/useradmin/edit_user.cgi line 135.

    * Finally, I can't seem to display groups on the page. It only shows a list of users. Perhaps they're in the other unlabelled tab?

    Thanks again!
    Dave.
    File Added: webmin_usersandgroups_page_top.png

     
  • Dave

    Dave - 2008-10-16
    • status: closed-fixed --> open-rejected
     
  • Dave

    Dave - 2008-10-16

    Attaching second image...
    File Added: webmin_usersandgroups_page_bottom.png

     
  • Dave

    Dave - 2008-10-16

    I neglected to ask the obvious question!
    Do I need to upgrade our copies of Webmin to the latest version in order for your module to work please?

    I also didn't correctly report one of the points below.
    When I try to use the empty field at the bottom of the page I am able to select *users* using the "..." button. (Users and groups have similar names!)

    I have not seen any indication of groups with the updated module.

    Thanks again!

     
  • Jamie Cameron

    Jamie Cameron - 2008-10-16

    Oh, I didn't realized you were running an older Webmin release - I would recommend upgrading to the 1.435 version, available from http://www.webmin.com/devel.html

     
  • Dave

    Dave - 2008-10-20

    Hello Jamie,

    I haven't had an opportunity to upgrade Webmin on a test box until today. I can now confirm that this bug exists in 1.430 and 1.435.

    The updated module you have supplied still causes the graphical issues as seen in my existing attachments. With version 1.435 I am now able to get in to the edit_users but it too has issues. (See new attachment)

    I'm afraid to also report that the bug has not been fixed. If I edit the user in any way the 'maxage' variable is still being set back to system default. :(

    Please let me know if I can give you any more information.
    File Added: edit_user.png

     
  • Dave

    Dave - 2008-10-20

    Broken Edit User Page in Webmin 1.435 on AIX

     
  • Jamie Cameron

    Jamie Cameron - 2008-10-20
    • status: open-rejected --> open-accepted
     
  • Dave

    Dave - 2008-10-20
     
  • Dave

    Dave - 2008-10-20

    Thanks very much Jamie!
    The bug (and other issues) are fixed!!

    Just before you finish this one, could I possibly impose upon you once more please? Would it be possible to do a little formatting change in order to improve the new version of this page?

    Note that due to the way our network works and the way I have to test this, the best browser I've been able to test this with is Firefox 2.0.0.17 on Solaris. (I upgraded to it from the ancient Mozilla install on our servers in case they were causing the issue.)

    I've attached an image of how the Password Options section looks in your fixed User Admin page. Please see this first.

    Would it be possible to somehow adjust the columns such that the words "System default" do not appear across two lines? That is, so that the radio buttons appear beneath each other for the two fields "Minimum weeks" and "Warning days"?

    There is a similar issue with the "Maximum weeks" field where a newline could help put the two radio buttons for that field together.

    Thank you again!
    Dave.
    File Added: password_options.png

     
  • Jamie Cameron

    Jamie Cameron - 2008-10-20
    • status: open-accepted --> closed-fixed
     
  • Jamie Cameron

    Jamie Cameron - 2008-10-20

    Great! This fix will go into Webmin 1.440 (due on this week I hope), and I will re-format that page so that the fields aren't all squashed together.

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks