Alan McKinnon wrote:
experiment to see if it's the new hashes that are doing it. Find an account
that can sudo to root on the affected machines and examine the shadow file.
See what kind of hashes the affected accounts are using. md5 is 34 characters
long and sha512 is 98 in this format:
$x$<salt>$<hash>
x is 1 for md5 and 6 for sha512. <salt> is 8 characters for both
Thanks for spending time with this. After looking at the shadow file, I
have accounts with both md5 and sha512. In particular affected accounts
that have md5 and sha512.
I looked closely at the .bashrc (used echo "made to here" marks to
follow the login sequence) of the bad accounts and they were all
sourcing a script from a third-party package that went bad after the OS
update. Luckily this was not in all accounts and specially not in the
root account. Otherwise I would have been locked outside the machine.
After getting rid of that line in the users .bashrc all returned to normal.
One more thing to do was to uncomment the line
PrintMotd no
PrintLastLog no
in /etc/sshd_config to avoid the double motd/last log messages upon
login.I guess after the portage update, pam is now printing that.
Here's mine which works:
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
And you did confirm that sudo checks for wheel group membership, and that you
are still in this group?
This is exactly like mine.
Thanks for all the help.
--
Valmor
