Page MenuHomeVyOS Platform
Create Task
Maniphest T7278

Cracklib data is missing from the image which makes it impossible to run password complexity checks
Closed, ResolvedPublicBUG
Actions

Description

To reproduce, update the system image to the latest and add some new user

vyos@r14# set system login user one authentication plaintext-password 12345
[edit]
vyos@r14# commit
[ system login ]
Traceback (most recent call last):
  File "/usr/libexec/vyos/services/vyos-configd", line 144, in run_script
    script.verify(c)
  File "/usr/libexec/vyos//conf_mode/system_login.py", line 164, in verify
    result = evaluate_strength(plaintext_password)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/utils/auth.py", line 57, in evaluate_strength
    cracklib.FascistCheck(passwd)
FileNotFoundError: [Errno 2] No such file or directory: '/var/cache/cracklib/cracklib_dict.pwd'

[[system login]] failed
Commit failed
[edit]
vyos@r14#

The bug was added after merging password complexity https://github.com/vyos/vyos-1x/pull/4390
It cannot find cache.

vyos@r14# ls /var/cache/cracklib
ls: cannot access '/var/cache/cracklib': No such file or directory
[edit]
vyos@r14# 
[edit]
vyos@r14# ls /var/cache/
containers  debconf  private
[edit]
vyos@r14#

It seems not affected on new installed system, but only if you upgrade a system,

It should be reverted or fixed,

Details

Version
VyOS 2025.03.23-0020-rolling
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

Viacheslav created this task.Mar 23 2025, 10:02 AM
Viacheslav triaged this task as Urgent! priority.
Viacheslav updated the task description. (Show Details)
Viacheslav added a comment.Mar 23 2025, 5:19 PM

Revert PR https://github.com/vyos/vyos-1x/pull/4411

pasik subscribed.Mar 23 2025, 5:28 PM
Viacheslav added a comment.Mar 24 2025, 11:44 AM

Another possible solution https://github.com/vyos/vyos-build/pull/935

Viacheslav changed the task status from Open to In progress.Mar 24 2025, 11:45 AM
Viacheslav assigned this task to oniko94.
oniko94 mentioned this in rVYOSONEXd9ec5d1e70d3: T7278: Remove cracklib hack from postinstall script template.Mar 25 2025, 5:04 PM
Restricted Repository Identity mentioned this in rVYOSONEX1d419bc2b56a: Merge pull request #4413 from oniko94/fix/T7278-fix-cracklib-dep-build.Mar 25 2025, 5:04 PM
Viacheslav closed this task as Resolved.Mar 28 2025, 6:26 AM
Viacheslav moved this task from Need Triage to Completed on the VyOS Rolling board.
dmbaturin renamed this task from Impossible to create users to Cracklib data is missing from the image which makes it impossible to run password complexity checks.Mar 18 2026, 2:45 PM
dmbaturin added a project: VyOS 1.5 Circinus (2026.03).
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.