Red Hat Bugzilla – Bug 592432
password checking fails (ssh works)
Last modified: 2010-05-17 17:45:49 EDT
Description of problem:
Password checking fails. su says:
su: incorrect password
login gives a similar message but I don't have a sample handy.
login via ssh works.
Version-Release number of selected component (if applicable):
It broke after a yum-update. From /var/log/messages:
May 8 04:14:34 mini-mon yum: Updated: perl-Digest-HMAC-1.02-1.fc12.noarch
May 8 04:14:36 mini-mon yum: Updated: perl-URI-1.54-1.fc12.noarch
May 8 04:14:36 mini-mon yum: Updated: libblkid-2.16.2-9.fc12.i686
May 8 04:14:37 mini-mon yum: Updated: nss-softokn-freebl-3.12.4-17.fc12.i686
May 8 04:14:38 mini-mon yum: Updated: nss-softokn-3.12.4-17.fc12.i686
May 8 04:14:44 mini-mon yum: Updated: util-linux-ng-2.16.2-9.fc12.i686
May 8 04:14:44 mini-mon yum: Updated: nss-softokn-devel-3.12.4-17.fc12.i686
I'm not sure.
I have 2 Fedora 12 systems.
I encountered the problem on the first system. I recovered using
a rescue CD and installing RPMs pulled from the net with versions
matching what was working on the other system. (I wasn't smart
enough to use yum downgrade.)
I hit the same problem on the second system. This time I was
careful to check (from another window) before closing the su-ed window.
downgrading util-linux-ng, libuuid, and libblkid fixed things.
Then it worked after upgrading again. ???
I just tried upgrading the first system. It failed again.
downgrading util-linux-ng, libuuid, libblkid didn't fix it.
downgrading nss-softokn, nss-softokn-devel, and nss-softokn-freebl
did fix it.
Steps to Reproduce:
1. yum upgrade
su: incorrect password
Both of these systems were updated from older versions of Fedora.
I remember troubles with the update process, but was a long time
ago so I have forgotten any details. There is a chance that that
something was broken but both systems were working as expected
until this problem showed up.
I'll be happy to try things or collect more data if that will help.
Sorry this is so fuzzy.
I see only one relation between 'login' and 'su': PAM.
Note that PAM was not touched at all. I highly suspect nss_softtoken to be the culprit. It is called by glibc to compute the password hashes.
Also the by the ssh working you mean ssh authentication with public keys? Or ssh password based authentication?
(In reply to comment #2) your suspissions are well justified, see Bug 590199.
nss-softokn-3.12.4-19 has a patch to address this problem. It's currently on updates testing. I have requested a push to stable.
*** This bug has been marked as a duplicate of bug 590199 ***
> Also the by the ssh working you mean ssh authentication with public keys? Or
> ssh password based authentication?
Yes, I meant ssh using public keys worked. (Sorry I wasn't clear.)