Root Password Broken - authentication not catching /etc/shadow changes
DebianThis forum is for the discussion of Debian Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Root Password Broken - authentication not catching /etc/shadow changes
Any attempt to access the root password on my system fails - su, graphical configuration tools (or even command line ones), etc., fails to recognize the password. I've tried every password I've ever used on this system, without success (always returns "Authentication failure. Sorry").
Sudo continues to work from a user account as well as an open root terminal, and through these I can get passwd to successfully change the root password - changes are visible in /etc/shadow, but still the new passwords (or even the old ones) don't work for su or distribution configuration tools.
Interestingly, rlogin does respond to the password change, using "rlogin systemname -l root" from the same system. Nothing "local" works. I tried changing the password, elminating the password from /etc/shadow, or copying another user's password to root in /etc/shadow, all with the same results.
So what do su and other system tools use to authenticate the root password? Are the changes to /etc/shadow just taking a while to get to these programs (i.e. they need a restart? seems too windoze-like to me), or do these programs look somewhere other than /etc/shadow that needs some additional help to get updated? What's up here?
I'm using 64Studio's audio-optimized distribution of Debian testing/etch on a 64-bit P4 system.
This sounds like an issue with PAM configuration. Have you looked in /var/log/secure* or /var/log/auth* or similar logfiles to find details on why it is rejecting your login?
Thanks for the lead. I don't have any /var/log/secure* logs, but I did find the auth.log, without any obvious clues.
Here's a common entry from /var/log/auth.log:
Sep 18 12:37:18 localhost su[2777]: (pam_unix) authentication failure; logname=luke uid=1000 euid=1000 tty=pts/1 ruser=luke rhost= user=root
Sep 18 12:37:21 localhost su[2777]: pam_authenticate: Authentication failure
Sep 18 12:37:21 localhost su[2777]: - pts/1 luke:root
Sep 18 12:37:29 localhost sshd[2780]: Accepted keyboard-interactive/pam for root from ::ffff:127.0.0.1 port 50075 ssh2
Sep 18 12:37:29 localhost sshd[2783]: (pam_unix) session opened for user root by root(uid=0)
I'm still looking for more info on PAM, will post when I get further along. I have a different problem that I suspect may be related - I'm not seeing changes I made in user groups reflected...I added my user to a few groups (system, music) using users-admin but I'm not seeing those groups show up in id's report or when I try to actually use those permissions. I'm tempted to reboot and see if that helps, but I'm mildly creeped out by the windows-ness of that solution if it works. ; )
Yeah, those both seem like a pam issue. Look in the /etc/pam.d directory for configuration for each of the services.
ok, have the same problem...I did a "deep-upgrade" and let emerge overwrite my configfiles in /etc.
Since then I cannot accsess my root account and I haven't got sudo installed.
I have tried chrooting into my system (from the llive cd) and changing root's password, with no effect.
What needs changing in /etc/pam.d to either allow for changes or to reset the password in some other way?
This is my system-auth, I don't have a clue to what it all means. Su and shadow are masked, i'll have to reboot with my livecd to view them...
Also, I cannot emerge without using the root account (or su)
what is the exact syntax for the md5sum command, I don't seem to be able to get it to work
but, I did a ls -l which shows when the files were last modified, and some (see list) were modified on monday (when I did the update).
Here they are, with content:
cron:
# Provided by mailbase (dont remove this line!)
# Standard pam.d file for mail service packages.
# $Header: /var/cvsroot/gentoo-x86/net-mail/mailbase/files/common-pamd-include,v 1.1 2005/04/29 13:07:50 ticho $
auth required pam_nologin.so
auth include system-auth
account include system-auth
session include system-auth
pop + all links refering to it:
Code:
# Provided by mailbase (dont remove this line!)
# Standard pam.d file for mail service packages.
# $Header: /var/cvsroot/gentoo-x86/net-mail/mailbase/files/common-pamd-include,v 1.1 2005/04/29 13:07:50 ticho $
auth required pam_nologin.so
auth include system-auth
account include system-auth
session include system-auth
#%PAM-1.0
auth sufficient pam_rootok.so
# Next line you need console ownership to be able to start X
#auth required pam_console.so
auth required pam_permit.so
account required pam_permit.so
I've managed it. I can now log in as root or do su.
I don't know why, but I never tried actually changing my root password when chrooting into my system from the livecd. I always entered my old root password.
This time I opted for a new one, and guess what, it worked. I'm now back to normal again.
Thank You very much for your time and help, even though we (more or less) were going in the wrong direction...
But I did try out the md5sum -c command as instructed, just to receive a bunch of errors about not having the permission to accsess the files.
I guess I'll need root priviliges
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.