Re: Help!!! - Potato upgrade using dselect trashed computer...
In the dselect list I see passwd19990827-7 shadowI do not see a package called shadow. I am getting my debian from ftp.debian.org/debian unstable main contrib non-free There is not a package called pam-apps on the list. Do you think the segmentation faults I get with passwd, su, and login is caused by pam or is a problem with the version of the commands? Doug Ben Collins wrote: On Sat, Oct 23, 1999 at 03:18:49PM -0700, Doug Thistlethwaite wrote: Ben, I didn't even see pam-apps on the list in dselect. Then what version of passwd and shadow do you have _installed_? Ben
Re: Help!!! - Potato upgrade using dselect trashed computer...
Ben, Out of despration, I tried the lines below instead of the ones you gave me. Lines you had me use: auth required pam_unix_auth.so account required pam_unix_acct.so password required pam_unix_passwd.so session required pam_unix_session.so Lines taken from the other.dpkg-dist auth required pam_unix.so account required pam_unix.so password required pam_unix.so session required pam_unix.so I can now login under a virtual terminal so I am going to try rebooting to see if that clears the xserver. What does the difference between what you gave me and what seems to work? Am I missing some files? Doug
Re: Help!!! - Potato upgrade using dselect trashed computer...
On Sun, Oct 24, 1999 at 08:30:23AM -0700, Doug Thistlethwaite wrote: Ben, Out of despration, I tried the lines below instead of the ones you gave me. Lines you had me use: auth required pam_unix_auth.so account required pam_unix_acct.so password required pam_unix_passwd.so session required pam_unix_session.so Lines taken from the other.dpkg-dist auth required pam_unix.so account required pam_unix.so password required pam_unix.so session required pam_unix.so I can now login under a virtual terminal so I am going to try rebooting to see if that clears the xserver. What does the difference between what you gave me and what seems to work? Am I missing some files? I suggest reinstalling the libpam* packages. The pam_unix_*.so modules are only symlinks to pam_unix.so in the latest PAM packages. If that's not the case on your system, then you had a bad upgrade (and most likely you should reinstall _all_ of the PAM packages, not just the modules). Ben
Help!!! - Potato upgrade using dselect trashed computer...
Hello Help! I have a potato system that was running fine until a few minutes ago... I used dselect to select a package and it wanted to upgrade a bunch on stuff. I let it because I was interested to see how long it would take with my new DSL connection. After the upgrade I have seen these problems: (It upgraded about 50M of packages). 1. I can not login to a virtual terminal. When I try I do not even get prompted for a password. I looked in my /etc/passwd file and all of the password fields are now :x: except for a user called 'admin'. 2. I tried to set a password of an account and I get a segmentation fault when I try to run passwd. 3. My x-server CTRL-ALT + F7 now has the following error message instead of a graphical login screen. su[4340] PAM (other) illegal module type: OTHER What is going on? Please help me recover my system. I currently have a single login as root where I was running dselect. I am afraid to log off because I don't want to be locked out permanently. Thanks in advance, Doug
Re: Help!!! - Potato upgrade using dselect trashed computer...
On Sat, Oct 23, 1999 at 12:19:48AM -0700, Doug Thistlethwaite wrote: Hello Help! I have a potato system that was running fine until a few minutes ago... After the upgrade I have seen these problems: (It upgraded about 50M of packages). 1. I can not login to a virtual terminal. When I try I do not even get prompted for a password. I looked in my /etc/passwd file and all of the password fields are now :x: except for a user called 'admin'. The x indicates shadow passwords (you can't read 'em so don't try). I've seen this admin user mentioned a few times, but I don't have it...?? 2. I tried to set a password of an account and I get a segmentation fault when I try to run passwd. 3. My x-server CTRL-ALT + F7 now has the following error message instead of a graphical login screen. su[4340] PAM (other) illegal module type: OTHER Apparently there's a PAM issue What is going on? Please help me recover my system. I currently have a single login as root where I was running dselect. I am afraid to log off because I don't want to be locked out permanently. Perhaps, for safety (until you can fix this problem) remove root's password from /etc/passwd. I'm assuming no one else is using, having access to this account? Sorry, can't help ya more, but maybe you can list all of the pam related packages you have: $ dpkg -S pam may give an idea. -- ++ | Eric G. Milleregm2@jps.net | | GnuPG public key: http://www.jps.net/egm2/gpg.asc | ++
Re: Help!!! - Potato upgrade using dselect trashed computer...
On Sat, Oct 23, 1999 at 12:19:48AM -0700, Doug Thistlethwaite wrote: What is going on? Please help me recover my system. I currently have a single login as root where I was running dselect. I am afraid to log off because I don't want to be locked out permanently. Can you attach all of the files in /etc/pam.d/ aswell as your /etc/login.defs please? Looks to be a conffile problem, but I'm not sure what yet. Ben
Re: Help!!! - Potato upgrade using dselect trashed computer...
Ok Ben, here they are. One other thing to note: During the install I had a message with modutils stating that The form: Patch[fs]=/lib/modules/2.2.10 was replaced with the form: Patch[fs]=/lib/modules/2.2.10/fs I could not find where to change thi. I did find a file called conf.modules.old that had command lines like those described above. Could this be causing a problem with pam? Doug Ben Collins wrote: On Sat, Oct 23, 1999 at 12:19:48AM -0700, Doug Thistlethwaite wrote: What is going on? Please help me recover my system. I currently have a single login as root where I was running dselect. I am afraid to log off because I don't want to be locked out permanently. Can you attach all of the files in /etc/pam.d/ aswell as your /etc/login.defs please? Looks to be a conffile problem, but I'm not sure what yet. Ben -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null # # The PAM configuration file for the Shadow `su' service # # Uncomment this to force users to be a member of group root # before than can use `su' # (Replaces the `SU_WHEEL_ONLY' option from login.defs) # auth required pam_wheel.so # This allows root to su without passwords (normal operation) auth sufficient pam_rootok.so # Uncomment and edit /etc/security/time.conf if you need to set # time restrainst on su usage. # (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs # as well as /etc/porttime) # accountrequisite pam_time.so # The standard Unix authentication modules, used with # NIS (man nsswitch) as well as normal /etc/passwd and # /etc/shadow entries. auth required pam_unix.so accountrequired pam_unix.so sessionrequired pam_unix.so # Sets up user limits, please uncomment and read /etc/security/limits.conf # to enable this functionality. # (Replaces the use of /etc/limits in old login) # sessionrequired pam_limits.so # # The PAM configuration file for the Shadow `chsh' service # # This will not allow a user to change their shell unless # their current one is listed in /etc/shells. This keeps # accounts with special shells from changing them. auth required pam_shells.so # The standard Unix authentication modules, used with # NIS (man nsswitch) as well as normal /etc/passwd and # /etc/shadow entries. auth required pam_unix.so nullok accountrequired pam_unix.so sessionrequired pam_unix.so #%PAM-1.0 auth sufficient pam_rootok.so auth required pam_console.so accountrequired pam_permit.so # # The PAM configuration file for the Shadow `login' service # # NOTE: If you use a session module (such as kerberos or NIS+) # that retains persistent credentials (like key caches, etc), you # need to enable the `CLOSE_SESSIONS' option in /etc/login.defs # in order for login to stay around until after logout to call # pam_close_session() and cleanup. # # Outputs an issue file prior to each login prompt (Replaces the # ISSUE_FILE option from login.defs). Uncomment for use # auth required pam_issue.so issue=/etc/issue # Disallows root logins except on tty's listed in /etc/securetty # (Replaces the `CONSOLE' setting from login.defs) auth requisite pam_securetty.so # Disallows other than root logins when /etc/nologin exists # (Replaces the `NOLOGINS_FILE' option from login.defs) auth required pam_nologin.so # This module parses /etc/environment (the standard for setting # environ vars) and also allows you to use an extended config # file /etc/security/pam_env.conf. # (Replaces the `ENVIRON_FILE' setting from login.defs) auth required pam_env.so # Standard Un*x authentication. The nullok line allows passwordless # accounts. auth required pam_unix.so nullok # This allows certain extra groups to be granted to a user # based on things like time of day, tty, service, and user. # Please uncomment and edit /etc/security/group.conf if you # wish to use this. # (Replaces the `CONSOLE_GROUPS' option in login.defs) # auth optional pam_group.so # Uncomment and edit /etc/security/time.conf if you need to set # time restrainst on logins. # (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs # as well as /etc/porttime) # accountrequisite pam_time.so # Uncomment and edit /etc/security/access.conf if you need to # set access limits. # (Replaces /etc/login.access file) # account required pam_access.so # Standard Un*x account and session accountrequired pam_unix.so sessionrequired pam_unix.so # Sets up user limits, please uncomment and read /etc/security/limits.conf # to enable this functionality. # (Replaces the use of /etc/limits in old login) # sessionrequired pam_limits.so # Prints the last login info upon succesful login # (Replaces the `LASTLOG_ENAB' option from login.defs) sessionoptional pam_lastlog.so # Prints the motd upon succesful login # (Replaces the `MOTD_FILE' option in login.defs) sessionoptional
Re: Help!!! - Potato upgrade using dselect trashed computer...
Thanks for the reply Eric, I have attacked the output from /etc/dpkg -S pam Eric G . Miller wrote: On Sat, Oct 23, 1999 at 12:19:48AM -0700, Doug Thistlethwaite wrote: Hello Help! I have a potato system that was running fine until a few minutes ago... After the upgrade I have seen these problems: (It upgraded about 50M of packages). 1. I can not login to a virtual terminal. When I try I do not even get prompted for a password. I looked in my /etc/passwd file and all of the password fields are now :x: except for a user called 'admin'. The x indicates shadow passwords (you can't read 'em so don't try). I've seen this admin user mentioned a few times, but I don't have it...?? 2. I tried to set a password of an account and I get a segmentation fault when I try to run passwd. 3. My x-server CTRL-ALT + F7 now has the following error message instead of a graphical login screen. su[4340] PAM (other) illegal module type: OTHER Apparently there's a PAM issue What is going on? Please help me recover my system. I currently have a single login as root where I was running dselect. I am afraid to log off because I don't want to be locked out permanently. Perhaps, for safety (until you can fix this problem) remove root's password from /etc/passwd. I'm assuming no one else is using, having access to this account? Sorry, can't help ya more, but maybe you can list all of the pam related packages you have: $ dpkg -S pam may give an idea. -- ++ | Eric G. Milleregm2@jps.net | | GnuPG public key: http://www.jps.net/egm2/gpg.asc | ++ -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null libpam-modules: /lib/security/pam_ftp.so debhelper: /usr/share/man/man1/dh_installpam.1.gz passwd: /usr/share/doc/passwd/README.pam.gz libpam-modules: /usr/share/doc/libpam-modules login: /usr/share/doc/login/README.pam.gz imagemagick: /usr/doc/imagemagick/examples/spam.gif libpam-runtime: /usr/share/man/man8/pam.8.gz libpam0g: /lib/libpamc.so.0 libpam0g: /usr/share/doc/libpam0g libpam0g: /lib/libpamc.so.0.70 util-linux: /etc/pam.d/kbdrate libpam-modules: /lib/security/pam_wheel.so postgresql-dev: /usr/include/postgresql/access/heapam.h libpam-modules: /usr/share/doc/libpam-modules/examples/upperLOWER libpam0g: /usr/share/doc/libpam0g/README.gz libpam-runtime: /usr/share/man/man7/pam-undocumented.7.gz libpam-modules: /usr/share/doc/libpam-modules/changelog.gz libpam-modules: /lib/security/pam_mkhomedir.so libpam-modules: /usr/share/doc/libpam-modules/changelog.Debian.gz libpam-modules: /lib/security/pam_rootok.so libpam-modules: /etc/security/pam_env.conf libpam-modules: /lib/security/pam_unix.so libpam-modules: /lib/security/pam_access.so login: /etc/pam.d/login libpam0g: /usr/share/doc/libpam0g/TODO libpam0g: /lib/libpam_misc.so.0.70 libpam-modules: /lib/security/pam_filter.so libpam0g: /usr/share/doc/libpam0g/TODO.Debian libpam-modules: /lib/security/pam_tally.so libpam0g: /lib/libpam.so.0 libpam-modules: /lib/security/pam_time.so libpam-modules: /lib/security/pam_unix_passwd.so libpam-modules: /lib/security/pam_group.so libpam-modules: /usr/share/doc/libpam-modules/examples libpam-runtime: /usr/share/doc/libpam-runtime/changelog.gz libpam-modules: /lib/security/pam_limits.so libpam-runtime: /etc/pam.d/other libpam-runtime: /usr/share/doc/libpam-runtime/changelog.Debian.gz libpam-modules: /lib/security/pam_warn.so libpam-modules: /lib/security/pam_rhosts_auth.so libpam-modules: /lib/security/pam_motd.so libpam0g: /usr/share/doc/libpam0g/changelog.Debian.gz libpam-modules: /lib/security/pam_issue.so libpam-modules: /usr/share/doc/libpam-modules/examples/upperLOWER/.cvsignore libpam-runtime: /usr/share/man/man8/pam.conf.8.gz passwd: /etc/pam.d/passwd libpam-modules: /usr/share/doc/libpam-modules/examples/upperLOWER/Makefile libpam-modules: /lib/security/pam_nologin.so libpam-modules: /lib/security/pam_shells.so libpam-modules: /lib/security/pam_unix_acct.so libpam-modules: /lib/security/pam_permit.so libpam-modules: /lib/security/pam_env.so libpam-runtime: /usr/share/doc/libpam-runtime libpam0g: /lib/libpam_misc.so.0 passwd, util-linux, libpam-runtime, login: /etc/pam.d login: /etc/pam.d/su debhelper: /usr/bin/dh_installpam libpam-modules: /usr/share/doc/libpam-modules/copyright libpam-modules: /lib/security/pam_stress.so libpam0g: /lib/libpam.so.0.70 libpam0g: /usr/share/doc/libpam0g/README.Debian libpam-runtime: /usr/share/man/man8/pam.d.8.gz passwd: /etc/pam.d/chsh libpam-modules: /lib/security/pam_securetty.so libpam-modules: /lib/security/pam_unix_auth.so libpam-runtime: /usr/share/doc/libpam-runtime/copyright libpam0g: /usr/share/doc/libpam0g/copyright libpam-runtime: /etc/pam.conf libpam-modules: /lib/security/pam_lastlog.so libpam-modules: /lib/security/pam_deny.so passwd: /etc/pam.d/chfn libpam-modules:
Re: Help!!! - Potato upgrade using dselect trashed computer...
On Sat, Oct 23, 1999 at 08:51:47AM -0700, Doug Thistlethwaite wrote: Ok Ben, here they are. One other thing to note: During the install I had a message with modutils stating that The form: Patch[fs]=/lib/modules/2.2.10 was replaced with the form: Patch[fs]=/lib/modules/2.2.10/fs I could not find where to change thi. I did find a file called conf.modules.old that had command lines like those described above. Could this be causing a problem with pam? No, completely unrelated. OTHER auth required pam_deny.so OTHER account required pam_deny.so OTHER password required pam_deny.so OTHER session required pam_deny.so Here's the problem, not sure where the settings in this file came from. The distributed other looks like this: ## # # /etc/pam.d/other - specify the PAM fallback behaviour # # We fall back to the standard UNIX access. If this is not secure enough # for your purpose, consider specifying pam_deny.so instead. # auth required pam_unix_auth.so account required pam_unix_acct.so password required pam_unix_passwd.so session required pam_unix_session.so ## Change /etc/pam.d/other to look like this. Also, run this and see what versions of the PAM libraries you have installed: dpkg -l | grep libpam Thanks, Ben
Re: Help!!! - Potato upgrade using dselect trashed computer...
Ok, I modified the file as you show below. Did you notice that there was a file named other.dpkg-dist that had the following in it? Not sure if this is important or not. auth required pam_unix.so account required pam_unix.so password required pam_unix.so session required pam_unix.so What should I do after this? I am afraid to reboot and not be able to log in ever again... I have attacked the output from dpkg -l | grep libpam Thanks again, Doug Ben Collins wrote: On Sat, Oct 23, 1999 at 08:51:47AM -0700, Doug Thistlethwaite wrote: Ok Ben, here they are. One other thing to note: During the install I had a message with modutils stating that The form: Patch[fs]=/lib/modules/2.2.10 was replaced with the form: Patch[fs]=/lib/modules/2.2.10/fs I could not find where to change thi. I did find a file called conf.modules.old that had command lines like those described above. Could this be causing a problem with pam? No, completely unrelated. OTHER auth required pam_deny.so OTHER account required pam_deny.so OTHER password required pam_deny.so OTHER session required pam_deny.so Here's the problem, not sure where the settings in this file came from. The distributed other looks like this: ## # # /etc/pam.d/other - specify the PAM fallback behaviour # # We fall back to the standard UNIX access. If this is not secure enough # for your purpose, consider specifying pam_deny.so instead. # auth required pam_unix_auth.so account required pam_unix_acct.so password required pam_unix_passwd.so session required pam_unix_session.so ## Change /etc/pam.d/other to look like this. Also, run this and see what versions of the PAM libraries you have installed: dpkg -l | grep libpam Thanks, Ben ii libpam-modules 0.70-2 Pluggable Authentication Modules for PAM ii libpam-runtime 0.70-2 Runtime support for the PAM library ii libpam0g0.70-2 Pluggable Authentication Modules library
Re: Help!!! - Potato upgrade using dselect trashed computer...
On Sat, Oct 23, 1999 at 11:44:27AM -0700, Doug Thistlethwaite wrote: Ok, I modified the file as you show below. Did you notice that there was a file named other.dpkg-dist that had the following in it? Not sure if this is important or not. auth required pam_unix.so account required pam_unix.so password required pam_unix.so session required pam_unix.so What should I do after this? I am afraid to reboot and not be able to log in ever again... You should try to login. Also, do you have pam-apps installed? If so, remove it, and make sure that the passwd and login packages are up to date 19990827-x is the latest). I have attacked the output from dpkg -l | grep libpam Everything there looks ok, latest PAM. Ben
Re: Help!!! - Potato upgrade using dselect trashed computer...
I can not log in and the passwd function still give me a segmentation fault. I will remove pam-apps. Do I need to do anything else to get the changes I've made to be recognized? Doug Ben Collins wrote: On Sat, Oct 23, 1999 at 11:44:27AM -0700, Doug Thistlethwaite wrote: Ok, I modified the file as you show below. Did you notice that there was a file named other.dpkg-dist that had the following in it? Not sure if this is important or not. auth required pam_unix.so account required pam_unix.so password required pam_unix.so session required pam_unix.so What should I do after this? I am afraid to reboot and not be able to log in ever again... You should try to login. Also, do you have pam-apps installed? If so, remove it, and make sure that the passwd and login packages are up to date 19990827-x is the latest). I have attacked the output from dpkg -l | grep libpam Everything there looks ok, latest PAM. Ben
Re: Help!!! - Potato upgrade using dselect trashed computer...
Ben, I could not find pam-apps at all using dselect. While I was there, I removed all obsolete packages (there were several, and this did not have any other affects). dselect did want to install several other packages but this did not help either. I am not sure why my system ended up with shadow passwords and such. Prior to this problem, I was running potato fine without it and dselect seemed to decide on its own to install these extra packages. Is there a way to get back to where I was? Doug Doug Thistlethwaite wrote: I can not log in and the passwd function still give me a segmentation fault. I will remove pam-apps. Do I need to do anything else to get the changes I've made to be recognized? Doug Ben Collins wrote: On Sat, Oct 23, 1999 at 11:44:27AM -0700, Doug Thistlethwaite wrote: Ok, I modified the file as you show below. Did you notice that there was a file named other.dpkg-dist that had the following in it? Not sure if this is important or not. auth required pam_unix.so account required pam_unix.so password required pam_unix.so session required pam_unix.so What should I do after this? I am afraid to reboot and not be able to log in ever again... You should try to login. Also, do you have pam-apps installed? If so, remove it, and make sure that the passwd and login packages are up to date 19990827-x is the latest). I have attacked the output from dpkg -l | grep libpam Everything there looks ok, latest PAM. Ben -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: Help!!! - Potato upgrade using dselect trashed computer...
On 23-Oct-99 Doug Thistlethwaite wrote: Ben, I could not find pam-apps at all using dselect. While I was there, I removed all obsolete packages (there were several, and this did not have any other affects). dselect did want to install several other packages but this did not help either. I am not sure why my system ended up with shadow passwords and such. Prior to this problem, I was running potato fine without it and dselect seemed to decide on its own to install these extra packages. Is there a way to get back to where I was? I wonder if one can perform dpkg-repack on all the packages that are about to be upgraded. That would be a nice option. I did not find it in a apt man page. It would be a good option to use in a situation such as the one described above, *before* performing the upgrade. -- Andrew
