"continue" (after Ctrl-D) means continue in boot, so usually reboot. So, it's expected behaviour.

The util responsible for log-in is sulogin from util-linux package -- we did some changes in the util in 7.6 update (see below), you need util-linux version >= 2.23.2-59.

If you want to enter shell you need to specify password, or press Enter if there is no password at all. The prompt is

                Press Enter for maintenance
                (or press Control-D to continue):

for locked accounts or accounts without password, and

                Give root password for maintenance
                (or press Control-D to continue):

for regular accounts.

Note, for locked accounts see bug #1561200, you need --force on sulogin command line, otherwise you will see 

                Cannot open access to console, the root account is locked.
                See sulogin(8) man page for more details.

                Press Enter to continue.

And note that system without root password sounds like crazy setting :)

Interesting - here's what I'm seeing across RHEL 7.5 and RHEL 7.6 Azure images:

RHEL 7.5:
- No root password set
- I added an invalid entry to /etc/fstab and rebooted. This is what I saw:

> Give root password for maintenance
> (or type Control-D to continue):
> sulogin: crypt failed: Invalid argument
> Login incorrect

- Can you confirm that this is expected behavior? I thought that bug #1561200 was an ask to add a --force to sulogin so that users don't run into this situation.

RHEL 7.6:
- No root password set
- I added an invalid entry to /etc/fstab and rebooted. This is what I saw:


> Authorization not available. Check if polkit service is running or see debug message for more information.
> Welcome to emergency mode! After logging in, type "journalctl -xb" to view
system logs, "systemctl reboot" to reboot, "systemctl default" or ^D to
try again to boot into default mode.

> Cannot open access to console, the root account is locked.
> See sulogin(8) man page for more details.

> Press Enter to continue.

- Is this also expected behavior?

It is surprising how many users forget to set a root password (as crazy as that may sound!). In these situations they don't have much they can do if they're running RHEL since the root account always seems to be locked. 

I think the ask here would be to add a --force to sulogin, but I'm not sure why it didn't already happen with bug 1561200. I might have missed a memo, was there a miscommunication?

(In reply to Alfred Sin from comment #3)
> RHEL 7.5:
> - No root password set
> - I added an invalid entry to /etc/fstab and rebooted. This is what I saw:
> 
> > Give root password for maintenance
> > (or type Control-D to continue):
> > sulogin: crypt failed: Invalid argument
> > Login incorrect
> 
> - Can you confirm that this is expected behavior?

No, this does not seem like correct behaviour. If you really do not have password than "Press Enter for maintenance" prompt is expected and crypt() should not be used at all. I guess this should be fixed in version 7.6.

> I thought that bug
> #1561200 was an ask to add a --force to sulogin so that users don't run into
> this situation.

The option --force is necessary for locked accounts ("!" or "*" before password) or when /etc/passwd and /etc/shadow are not available. The option has been introduced to bypass the default safe behaviour for malformed or locked systems in single user mode.

7.6 update cleans up more things in sulogin, not only --force.

> RHEL 7.6:
> - No root password set
> - I added an invalid entry to /etc/fstab and rebooted. This is what I saw:
> 
> > Cannot open access to console, the root account is locked.
> > See sulogin(8) man page for more details.
> > Press Enter to continue.

This seems like locked account rather than no password, it seems like password starts with '*' or '!'. In this case you need --force.

> - Is this also expected behavior?

Yes, if the account is locked. You can confirm it by:
# grep root /etc/shadow, for example:

# passwd -l root
Locking password for user root.
passwd: Success

# grep root /etc/shadow
root:!!$6$4dyniMBX$UIYJKM/9k9Of1oKFJbT.5SUrGxjfBrNVBUkJKHJKuJxCxIl11Wg0s7KpGWIsk3yjiGYa44or.SYaCM.CFWR1:16832:0:99999:7:::

If you delete the password:

# passwd -d root
Removing password for user root.
passwd: Success

# grep root /etc/shadow
root::17864:0:99999:7:::


> I think the ask here would be to add a --force to sulogin, but I'm not sure

My suggestion is to use --force very carefully if you're not able to protect access to the system console. IMHO it's bad idea for public kiosks or as a distro default.

> why it didn't already happen with bug 1561200. I might have missed a memo,
> was there a miscommunication?

Please, verify your password in /etc/shadows. Thanks for your patience ;-) 

I'll also try to reproduce the problem again. It seems like some issue with system configuration or any bug in sulogin.

So I verified my password in etc/shadow:

[root@rhel76 azlinux]# grep root /etc/shadow
root:*LOCK*:14600::::::
[root@rhel76 azlinux]# passwd -d root
Removing password for user root.
passwd: Success
[root@rhel76 azlinux]# grep root /etc/shadow
root::17870::::::

After deleting the root password I was able to actually press Enter to enter a shell. Does this mean that if we want customers to be able to use the "Press Enter for maintenance" functionality, they need to delete the root password?

Here is complete list of all possibilities:

"Press Enter for maintenance":

  * you need to delete the password ("passwd -d root")

  * or you need locked account and --force on sulogin command line

  * password is defined, but malformed (wrong length, no $<n>$ prefix, etc.)


"Cannot open access to console, the root account is locked" case:

  * root account is locked, but --force is NOT specified on sulogin command line


"Give root password for maintenance" case:

  * root account with standard password


The very last possibility is Control-D, in this case sulogin(1) exits (=no shell) and system reboots/continues. This case is independent on all configuration.

I keep getting a google hit for this defect when I search for "sulogin: crypt failed: Invalid argument".

I'm using F29 out of the box armhfp image, and no combination of --force, locked root, unset root, or set root password gives me anything but the above message for any systemd targets that utilizes sulogin.

Uh fun, selinux=0 solves the problem. Maybe sulogin should trap the invalid argument return and just drop to a shell at that point, since something is very wrong when it happens.

After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.