[expert] Changing to security level 3 or 4 makes it impossible to change user passwords?!

Fri, 21 Sep 2001 16:25:58 -0700 

    [I first sent this out on the 17th, but it seems to have been lost
to a power glitch at Mandrake - retrying.]

    I've just changed some of the security levels on one of my machines
running Mandrake 8.0 - from no security whatsoever while running inside
our corporate VPN, to 'msec 4' now that I'm running behind a Linksys NAT
router to a DSL line. I now find it impossible to change user account
passwords. I did try backing off to 'msec 3', but that didn't help.

    passwd claims 'all authentication tokens updated successfully' when
run as root to change a user account's password (e.g. 'passwd
<userlogin>') - but no change occurs in the password file. In addition,
/var/log/auth.log shows a message like

      <machine> PAM_pwdb[#]: password for (login/UID) changed by (root/0)

    So passwd appears to think it did something correctly - but as best
I can tell, it actually does nothing at all.

    There are no problems changing *root*'s password, just user
passwords. In addition, attempts to change user passwords when su'ed to
that user simply fail:

      % passwd
      Changing password for <login>
      (current) UNIX password:<entered>
      passwd: Authentication service cannot retrieve authentication info.

    Is this perhaps something to do with PAM? /etc/pam.d/passwd looks like

      #%PAM-1.0
      auth      required    /lib/security/pam_pwdb.so shadow nullok
      account   required    /lib/security/pam_pwdb.so
      password          required    /lib/security/pam_cracklib.so retry=3
      password          required    /lib/security/pam_pwdb.so use_authtok nullok 
shadow md5

    But pam.d/passwd wasn't changed when I ran 'msec', anyway, so I'm
grabbing wildly for ideas. I tried rebuilding and debugging passwd, but
the problem seems to lie somewhere down inside the PAM libraries, which
are harder to rebuild and understand. I also tried removing the 'shadow'
keyword from the pam.d/passwd conf. file, since I'm not using shadow
passwords at present, but no change in behavior resulted.

    Has anyone seen this behavior or know what's up? I searched in the
expert mail archives and on Google, but couldn't turn up a similar
problem report.

    Thanks,
    Jon


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Reply via email to