55011 – Couldn't login after RH7.2 upgrade - editing a pam file fixed it

Bug 55011 - Couldn't login after RH7.2 upgrade - editing a pam file fixed it

Summary: Couldn't login after RH7.2 upgrade - editing a pam file fixed it

Keywords:
Status:	CLOSED DUPLICATE of bug 54443
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	pam
Sub Component:
Version:	7.2
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nalin Dahyabhai
QA Contact:	Aaron Brown
Docs Contact:
URL:
Whiteboard:
Duplicates (2):	55106 55356 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2001-10-24 10:26 UTC by dg
Modified:	2007-04-18 16:37 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2001-10-31 20:26:03 UTC
Embargoed:

Attachments	(Terms of Use)

Description dg 2001-10-24 10:26:57 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.5) Gecko/20011012

Description of problem:
After upgrading my machine (on an NIS domain) to RH7.2 I couldn't login -
just got a bad password message; this was login, gdm, and ssh.  Some people
could, some people couldn't.  I could login as the local Root.

After suggestions by a friend that 'pam_unix.so' was now deprecated I
changed in the file /etc/pam.d/system-auth:

auth        sufficient    /lib/security/pam_unix.so likeauth nullok

to

auth        sufficient    /lib/security/pam_pwdb.so likeauth nullok

and all is peachy.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Erm well it could be the 7.2 upgrade that kicked it
2.Try to login
3.
	

Additional info:

Comment 1 Need Real Name 2001-10-24 20:26:57 UTC

I've got the same problem, and the same solution seemed to work for me.  I wasn't
able to login at all, I had to start up in single user mode to modify the
system-auth file.

Comment 2 Andreas J. Bathe 2001-10-25 09:30:50 UTC

did you have the !character within your password? i did and had the same
problem, after changing the password without !, I got into - same with gdm and
login via nis.

Comment 3 dg 2001-10-25 09:44:16 UTC

Nope; mine is pure mixed case english alphabetic

Comment 4 Andreas J. Bathe 2001-10-25 10:02:24 UTC

puuh, that's strange, but you're right: I tested some passwords with ! and some
did it and some didn't.
Was just an idea...

Comment 5 Jim Radford 2001-10-25 22:13:07 UTC

I verified that the problem is only with passwords greater than 8 characters in
length.  Specifically bigcrypt is being called by default instead of the normal
crypt function.  It seems that bigcrypt is supposed to be an option, but it is
somenow now the default.

Comment 6 Jim Radford 2001-10-25 22:35:20 UTC

--- pam-0.75/modules/pam_unix/support.c.orig    Thu Oct 25 15:24:53 2001
+++ pam-0.75/modules/pam_unix/support.c Thu Oct 25 15:24:56 2001
@@ -705,7 +705,11 @@
                                                break;
                                        }
                                }
-                               pp = bigcrypt(p, salt);
+                                if (off(UNIX_BIGCRYPT, ctrl)) {
+                                  pp = crypt(p, salt);
+                                } else {
+                                  pp = bigcrypt(p, salt);
+                                }
                        }
                        p = NULL;               /* no longer needed here */

Comment 7 Need Real Name 2001-10-25 23:04:56 UTC

That is not the full story. My username is 7 lower case alphas followed by 
a '2'. When I cloned my passwd line but removed the 2 (ie, kept my uid, 
password, shell, etc all the same) I was able to log in. 

My password does exceed 8 characters, but the bug is user name sensitive too. 
It looks like there is a bug in bigcrypt, which is sensitive to user name, 
rather than bigcrypt being totally hosed.

Comment 8 dg 2001-10-26 08:21:42 UTC

Hmm - my password is larger than 8 characters so that could be it. (My username
is just dg)

Comment 9 Need Real Name 2001-10-28 08:02:50 UTC

I was able to fix it by downgrading pam to the version shipped with 7.1.  There
is definitely a 
bug in this latest version of pam, when used with NIS.

Comment 10 Julian C. Dunn 2001-10-29 04:22:58 UTC

It has nothing to do with NIS. I am experiencing the same problem on a machine
where NIS is turned off, and the same fix corrected the problem.

Comment 11 Nalin Dahyabhai 2001-10-31 20:19:02 UTC

This is a problem with conventionally-encrypted passwords, and it's just showing
up more on systems with NIS.  A bug-fix errata for this will be going out shortly.

Comment 12 Nalin Dahyabhai 2001-10-31 20:20:58 UTC

*** Bug 55356 has been marked as a duplicate of this bug. ***

Comment 13 Nalin Dahyabhai 2001-10-31 20:25:54 UTC

Oops, this one's actually a dupe of #54443.

Comment 14 Nalin Dahyabhai 2001-10-31 20:27:37 UTC


*** This bug has been marked as a duplicate of 54443 ***

Comment 15 Nalin Dahyabhai 2002-01-18 21:55:10 UTC

*** Bug 55106 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.