Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian User (http://www.linux-archive.org/debian-user/)
-   -   login problem (password corruption? pam?) (http://www.linux-archive.org/debian-user/119984-login-problem-password-corruption-pam.html)

Joseph Neal 07-06-2008 05:30 PM

login problem (password corruption? pam?)
 
Hello all.

Logins keep going bad on me. Repeatedly.

I first noticed the problem yesterday after updating sid. First sudo failed
to accept my password. I logged out of KDE and was not able to log back in.

Let's call my normal login that I've been using the past couple years login1.

After this happened I switched to a console where I was successfully able to
log in as root. I tried using usermod to reset the password for user1 but
was still unable to login. I can su to user1 from root, however. I created
a new user, user2, which I was able to use to successfully log in. After
adding user2 to sudoers I was able to use kuser to change the password for
user1 and log back in to my normal account. All was fine and dandy until a
few hours later the same thing started happening again. This time I was
unable to log in as user1 or user2 so I was forced to create a user3 and
again use kuser to set a new password for user1.

This time I'm not logging out until I figure out what's going on.

Any guess as to what's going on?

Any idea why kuser lets me successfully reset the password and not usermod?

Here's how all this looked to auth.log:

Jul 6 07:55:33 dsl017-124-002 kdm: :0[4670]: pam_unix(kdm:auth):
authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user
=joe
Jul 6 07:55:51 dsl017-124-002 kdm: :0[4670]: pam_unix(kdm:auth):
authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user
=joseph
Jul 6 07:56:22 dsl017-124-002 login[4702]: pam_unix(login:auth):
authentication failure; logname=LOGIN uid=0 euid=0 tty=tty4 ruser= rhost
= user=joe
Jul 6 07:56:24 dsl017-124-002 login[4702]: FAILED LOGIN (1) on 'tty4' FOR
`joe', Authentication failure
Jul 6 07:56:29 dsl017-124-002 login[4702]: pam_unix(login:session): session
opened for user root by LOGIN(uid=0)
Jul 6 07:56:29 dsl017-124-002 login[4761]: ROOT LOGIN on 'tty4'
Jul 6 07:59:48 dsl017-124-002 usermod[8030]: change user `joe' password
Jul 6 07:59:59 dsl017-124-002 login[4700]: pam_unix(login:auth):
authentication failure; logname=LOGIN uid=0 euid=0 tty=tty3 ruser= rhost
= user=joe
Jul 6 08:00:01 dsl017-124-002 login[4700]: FAILED LOGIN (1) on 'tty3' FOR
`joe', Authentication failure
Jul 6 08:00:40 dsl017-124-002 su[8035]: Successful su for joe by root
Jul 6 08:00:40 dsl017-124-002 su[8035]: + tty4 root:joe


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Raj Kiran Grandhi 07-07-2008 01:54 AM

login problem (password corruption? pam?)
 
Joseph Neal wrote:

Hello all.

Logins keep going bad on me. Repeatedly.

I first noticed the problem yesterday after updating sid. First sudo failed
to accept my password. I logged out of KDE and was not able to log back in.


Let's call my normal login that I've been using the past couple years login1.

After this happened I switched to a console where I was successfully able to
log in as root. I tried using usermod to reset the password for user1 but
was still unable to login. I can su to user1 from root, however. I created
a new user, user2, which I was able to use to successfully log in. After
adding user2 to sudoers I was able to use kuser to change the password for
user1 and log back in to my normal account. All was fine and dandy until a
few hours later the same thing started happening again. This time I was
unable to log in as user1 or user2 so I was forced to create a user3 and
again use kuser to set a new password for user1.


This time I'm not logging out until I figure out what's going on.

Any guess as to what's going on?

Any idea why kuser lets me successfully reset the password and not usermod?


By reset, do you mean setting a null password? For that you can just use
"passwd -d <username>"


Did you check the /etc/passwd and /etc/shadow files to see whether the
usernames are disabled?


I suggest doing the following:

Create a new user4. Login from the console as user4 and make a backup of
your /etc/passwd and /etc/shadow files. Wait till the system refuses to
let you in, and then compare the files with your backed up versions to
see if something suspicious is going on.





Here's how all this looked to auth.log:

Jul 6 07:55:33 dsl017-124-002 kdm: :0[4670]: pam_unix(kdm:auth):
authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user

=joe
Jul 6 07:55:51 dsl017-124-002 kdm: :0[4670]: pam_unix(kdm:auth):
authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user

=joseph
Jul 6 07:56:22 dsl017-124-002 login[4702]: pam_unix(login:auth):
authentication failure; logname=LOGIN uid=0 euid=0 tty=tty4 ruser= rhost

= user=joe
Jul 6 07:56:24 dsl017-124-002 login[4702]: FAILED LOGIN (1) on 'tty4' FOR
`joe', Authentication failure
Jul 6 07:56:29 dsl017-124-002 login[4702]: pam_unix(login:session): session
opened for user root by LOGIN(uid=0)

Jul 6 07:56:29 dsl017-124-002 login[4761]: ROOT LOGIN on 'tty4'
Jul 6 07:59:48 dsl017-124-002 usermod[8030]: change user `joe' password
Jul 6 07:59:59 dsl017-124-002 login[4700]: pam_unix(login:auth):
authentication failure; logname=LOGIN uid=0 euid=0 tty=tty3 ruser= rhost

= user=joe
Jul 6 08:00:01 dsl017-124-002 login[4700]: FAILED LOGIN (1) on 'tty3' FOR
`joe', Authentication failure

Jul 6 08:00:40 dsl017-124-002 su[8035]: Successful su for joe by root
Jul 6 08:00:40 dsl017-124-002 su[8035]: + tty4 root:joe




--

If you can't explain it simply, you don't understand it well enough.
-- Albert Einstein


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


All times are GMT. The time now is 01:40 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.