Bug 55011 - Couldn't login after RH7.2 upgrade - editing a pam file fixed it
Summary: Couldn't login after RH7.2 upgrade - editing a pam file fixed it
Status: CLOSED DUPLICATE of bug 54443
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: pam (Show other bugs)
(Show other bugs)
Version: 7.2
Hardware: i686 Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Aaron Brown
URL:
Whiteboard:
Keywords:
: 55106 55356 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-10-24 10:26 UTC by dg
Modified: 2007-04-18 16:37 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-10-31 20:26:03 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description dg 2001-10-24 10:26:57 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.5) Gecko/20011012

Description of problem:
After upgrading my machine (on an NIS domain) to RH7.2 I couldn't login -
just got a bad password message; this was login, gdm, and ssh.  Some people
could, some people couldn't.  I could login as the local Root.

After suggestions by a friend that 'pam_unix.so' was now deprecated I
changed in the file /etc/pam.d/system-auth:

auth        sufficient    /lib/security/pam_unix.so likeauth nullok

to

auth        sufficient    /lib/security/pam_pwdb.so likeauth nullok

and all is peachy.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Erm well it could be the 7.2 upgrade that kicked it
2.Try to login
3.
	

Additional info:

Comment 1 Need Real Name 2001-10-24 20:26:57 UTC
I've got the same problem, and the same solution seemed to work for me.  I wasn't
able to login at all, I had to start up in single user mode to modify the
system-auth file.

Comment 2 Andreas J. Bathe 2001-10-25 09:30:50 UTC
did you have the !character within your password? i did and had the same
problem, after changing the password without !, I got into - same with gdm and
login via nis.

Comment 3 dg 2001-10-25 09:44:16 UTC
Nope; mine is pure mixed case english alphabetic

Comment 4 Andreas J. Bathe 2001-10-25 10:02:24 UTC
puuh, that's strange, but you're right: I tested some passwords with ! and some
did it and some didn't.
Was just an idea...

Comment 5 Jim Radford 2001-10-25 22:13:07 UTC
I verified that the problem is only with passwords greater than 8 characters in
length.  Specifically bigcrypt is being called by default instead of the normal
crypt function.  It seems that bigcrypt is supposed to be an option, but it is
somenow now the default.

Comment 6 Jim Radford 2001-10-25 22:35:20 UTC
--- pam-0.75/modules/pam_unix/support.c.orig    Thu Oct 25 15:24:53 2001
+++ pam-0.75/modules/pam_unix/support.c Thu Oct 25 15:24:56 2001
@@ -705,7 +705,11 @@
                                                break;
                                        }
                                }
-                               pp = bigcrypt(p, salt);
+                                if (off(UNIX_BIGCRYPT, ctrl)) {
+                                  pp = crypt(p, salt);
+                                } else {
+                                  pp = bigcrypt(p, salt);
+                                }
                        }
                        p = NULL;               /* no longer needed here */
 


Comment 7 Need Real Name 2001-10-25 23:04:56 UTC
That is not the full story. My username is 7 lower case alphas followed by 
a '2'. When I cloned my passwd line but removed the 2 (ie, kept my uid, 
password, shell, etc all the same) I was able to log in. 

My password does exceed 8 characters, but the bug is user name sensitive too. 
It looks like there is a bug in bigcrypt, which is sensitive to user name, 
rather than bigcrypt being totally hosed.

Comment 8 dg 2001-10-26 08:21:42 UTC
Hmm - my password is larger than 8 characters so that could be it. (My username
is just dg)


Comment 9 Need Real Name 2001-10-28 08:02:50 UTC
I was able to fix it by downgrading pam to the version shipped with 7.1.  There
is definitely a 
bug in this latest version of pam, when used with NIS.

Comment 10 Julian C. Dunn 2001-10-29 04:22:58 UTC
It has nothing to do with NIS. I am experiencing the same problem on a machine
where NIS is turned off, and the same fix corrected the problem.

Comment 11 Nalin Dahyabhai 2001-10-31 20:19:02 UTC
This is a problem with conventionally-encrypted passwords, and it's just showing
up more on systems with NIS.  A bug-fix errata for this will be going out shortly.

Comment 12 Nalin Dahyabhai 2001-10-31 20:20:58 UTC
*** Bug 55356 has been marked as a duplicate of this bug. ***

Comment 13 Nalin Dahyabhai 2001-10-31 20:25:54 UTC
Oops, this one's actually a dupe of #54443.

Comment 14 Nalin Dahyabhai 2001-10-31 20:27:37 UTC

*** This bug has been marked as a duplicate of 54443 ***

Comment 15 Nalin Dahyabhai 2002-01-18 21:55:10 UTC
*** Bug 55106 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.