Description of problem: Password checking fails. su says: su: incorrect password login gives a similar message but I don't have a sample handy. login via ssh works. Version-Release number of selected component (if applicable): It broke after a yum-update. From /var/log/messages: May 8 04:14:34 mini-mon yum: Updated: perl-Digest-HMAC-1.02-1.fc12.noarch May 8 04:14:36 mini-mon yum: Updated: perl-URI-1.54-1.fc12.noarch May 8 04:14:36 mini-mon yum: Updated: libblkid-2.16.2-9.fc12.i686 May 8 04:14:37 mini-mon yum: Updated: nss-softokn-freebl-3.12.4-17.fc12.i686 May 8 04:14:38 mini-mon yum: Updated: nss-softokn-3.12.4-17.fc12.i686 May 8 04:14:44 mini-mon yum: Updated: util-linux-ng-2.16.2-9.fc12.i686 May 8 04:14:44 mini-mon yum: Updated: nss-softokn-devel-3.12.4-17.fc12.i686 How reproducible: I'm not sure. I have 2 Fedora 12 systems. I encountered the problem on the first system. I recovered using a rescue CD and installing RPMs pulled from the net with versions matching what was working on the other system. (I wasn't smart enough to use yum downgrade.) I hit the same problem on the second system. This time I was careful to check (from another window) before closing the su-ed window. downgrading util-linux-ng, libuuid, and libblkid fixed things. Then it worked after upgrading again. ??? I just tried upgrading the first system. It failed again. downgrading util-linux-ng, libuuid, libblkid didn't fix it. downgrading nss-softokn, nss-softokn-devel, and nss-softokn-freebl did fix it. Steps to Reproduce: 1. yum upgrade Actual results: su: incorrect password Expected results: [root@xxx yyy]# Additional info: Both of these systems were updated from older versions of Fedora. I remember troubles with the update process, but was a long time ago so I have forgotten any details. There is a chance that that something was broken but both systems were working as expected until this problem showed up. I'll be happy to try things or collect more data if that will help. Sorry this is so fuzzy.
I see only one relation between 'login' and 'su': PAM.
Note that PAM was not touched at all. I highly suspect nss_softtoken to be the culprit. It is called by glibc to compute the password hashes.
Also the by the ssh working you mean ssh authentication with public keys? Or ssh password based authentication?
(In reply to comment #2) your suspissions are well justified, see Bug 590199. nss-softokn-3.12.4-19 has a patch to address this problem. It's currently on updates testing. I have requested a push to stable.
*** This bug has been marked as a duplicate of bug 590199 ***
> Also the by the ssh working you mean ssh authentication with public keys? Or > ssh password based authentication? Yes, I meant ssh using public keys worked. (Sorry I wasn't clear.)