Bug 592432

Summary: password checking fails (ssh works)
Product: [Fedora] Fedora Reporter: Hal Murray <murray+fedora>
Component: nssAssignee: Kai Engert (:kaie) (inactive account) <kengert>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 12CC: emaldona, kdudka, kengert, kzak, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-05-17 15:52:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Hal Murray 2010-05-14 20:26:04 UTC 
Description of problem:
  Password checking fails.  su says:
    su: incorrect password
  login gives a similar message but I don't have a sample handy.
  login via ssh works.

Version-Release number of selected component (if applicable):
It broke after a yum-update.  From /var/log/messages:
May  8 04:14:34 mini-mon yum: Updated: perl-Digest-HMAC-1.02-1.fc12.noarch
May  8 04:14:36 mini-mon yum: Updated: perl-URI-1.54-1.fc12.noarch
May  8 04:14:36 mini-mon yum: Updated: libblkid-2.16.2-9.fc12.i686
May  8 04:14:37 mini-mon yum: Updated: nss-softokn-freebl-3.12.4-17.fc12.i686
May  8 04:14:38 mini-mon yum: Updated: nss-softokn-3.12.4-17.fc12.i686
May  8 04:14:44 mini-mon yum: Updated: util-linux-ng-2.16.2-9.fc12.i686
May  8 04:14:44 mini-mon yum: Updated: nss-softokn-devel-3.12.4-17.fc12.i686


How reproducible:
  I'm not sure.

  I have 2 Fedora 12 systems.

  I encountered the problem on the first system. I recovered using
  a rescue CD and installing RPMs pulled from the net with versions
  matching what was working on the other system.  (I wasn't smart
  enough to use yum downgrade.)

  I hit the same problem on the second system.  This time I was
  careful to check (from another window) before closing the su-ed window.
  downgrading util-linux-ng, libuuid, and libblkid fixed things.
  Then it worked after upgrading again.   ???

  I just tried upgrading the first system.  It failed again.
  downgrading util-linux-ng, libuuid, libblkid didn't fix it.
  downgrading nss-softokn, nss-softokn-devel, and nss-softokn-freebl
  did fix it.


Steps to Reproduce:
1. yum upgrade

  
Actual results:
  su: incorrect password

Expected results:
  [root@xxx yyy]#

Additional info:
  Both of these systems were updated from older versions of Fedora.
  I remember troubles with the update process, but was a long time
  ago so I have forgotten any details.  There is a chance that that
  something was broken but both systems were working as expected
  until this problem showed up.

  I'll be happy to try things or collect more data if that will help.

  Sorry this is so fuzzy.
Comment 1 Karel Zak 2010-05-17 09:59:59 UTC 
I see only one relation between 'login' and 'su': PAM.
Comment 2 Tomas Mraz 2010-05-17 10:15:37 UTC 
Note that PAM was not touched at all. I highly suspect nss_softtoken to be the culprit. It is called by glibc to compute the password hashes.
Comment 3 Tomas Mraz 2010-05-17 10:16:41 UTC 
Also the by the ssh working you mean ssh authentication with public keys? Or ssh password based authentication?
Comment 4 Elio Maldonado Batiz 2010-05-17 15:48:33 UTC 
(In reply to comment #2)  your suspissions are well justified, see Bug 590199.
nss-softokn-3.12.4-19 has a patch to address this problem. It's currently on updates testing. I have requested a push to stable.
Comment 5 Tomas Mraz 2010-05-17 15:52:27 UTC 

*** This bug has been marked as a duplicate of bug 590199 ***
Comment 6 Hal Murray 2010-05-17 21:45:49 UTC 
> Also the by the ssh working you mean ssh authentication with public keys? Or
> ssh password based authentication? 

Yes, I meant ssh using public keys worked.  (Sorry I wasn't clear.)