On a fresh rawhide install with selinux disabled, su fails, reporting (falsely) 'incorrect password'.
    Dec 17 17:32:15 pmac su: pam_unix(su:auth): authentication failure; logname=dwmw2 uid=500 euid=0 tty=tty1 ruser=dwmw2 rhost= user=root
'ssh root@localhost' works fine.
What version of coreutils, and of pam?
20051217 rawhide: coreutils-5.93-4.1.ppc pam-0.99.2.1-2.ppc pam-0.99.2.1-2.ppc64
Seems to be a pam issue, according to one of the fedora mailing lists.
Can you please attach a strace of it? It should be good enough to attach to the su process when it is asking for a password. (Of course change the password before that so it isn't valuable.)
I cannot reproduce this issue on rawhide i386 with coreutils-5.93-4.1 and pam-0.99.2.1-2 with SELinux disabled. So it might even be a ppc only problem.
I can't reproduce it any more either. There exists a possibility that I just mistyped the password _repeatedly_ and then happened to get it right the first time I tried to 'ssh root@localhost' instead. Or maybe there was something wrong with the system date, which has been known to make PAM unhappy. Either way, I think we can close this. Apologies for the noise.
I lie. It happens again on a clean install, although this time I'm inclined to blame selinux and I'm fairly sure I'd booted with 'selinux=0' last time, because I didn't think the system would boot at all without it.
Created attachment 122431: strace
Yep, this is selinux preventing pam_unix from reading /etc/shadow (which is right), but then it prevents it from running /sbin/unix_chkpwd (which should be allowed).
This is a known problem in labeling the homedirs in the install.
    restorecon -R -v /root /home
Should clean it up. Hopefully tonight's rawhide will fix the problem.
Fixed in selinux-policy-2.1.6-19. Also coreutils is changed to not use selinux for su any longer.
Closing several old modified bugs