LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-27-2012, 04:29 PM   #16
n3wtux
LQ Newbie
 
Registered: Feb 2010
Posts: 8

Rep: Reputation: 0
Can't change passwd


I have tried putting the password in the useradd command. I have tried to create user then come back and change the password. I have created the user then su - username and was not able to change password. This user has been fully removed and readded. The user exists in /etc/password /etc/shadow and was assigned to a group in /etc/group. I can't change the password as root and when the user trys to logon by remote they get access denied. There is not a /etc/ssh/ssh.deny file or allow for that matter. I did notice that my regular user cannot change my password. Getting same error. There is nothing like the user having duplicate uid or gid in /etc/passwd. Just for kicks I also tried to use usermod -p password to change the password. Nogo.

Again previous users can ssh to server, but apparently can't change password. New users cannot ssh to server due to the password authentication error. I did notice that in /var/log/messages that user logs on with uid=0.
 
Old 03-27-2012, 07:12 PM   #17
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
Quote:
I did notice that in /var/log/messages that user logs on with uid=0.
Well, that's probably your problem unless you've got a weird setup.

1. ONLY root should have uid 0

2. best practice is NOT to allow remote root access, as this is first thing crackers/script kiddies go for.
Create a second acct with secure passwd and 'su - ' from there.
Normally remote root login is disabled /etc/ssh/sshd_config "PermitRootLogin no"

3. normally a user cannot re-use the same passwd, especially immediately. If you need it never to change/expire http://linux.die.net/man/1/chage & set --expiredate=-1 as per that page.
See also http://www.thegeekstuff.com/2009/04/...ion-and-aging/

See also /etc/login.defs

4. only root would use the format
Code:
passwd username
to change another user's passwd.
Normal users can't do that; they should just say 'passwd'.

HTH
 
Old 03-28-2012, 01:38 PM   #18
n3wtux
LQ Newbie
 
Registered: Feb 2010
Posts: 8

Rep: Reputation: 0
Can't change passwd

Thank you chrism01. We already have our servers set that way. permitrootlogin = no. I performed a tail -f on secure log on a couple of other servers and got the same results. Old users can logon and change password using passwd utility. New users cannot logon. New users can't login or change password even if you su to the user and try to run passwd.

I used several methods to attempt to make a change. I even created another user to see if I was still experiencing the issue. Listed below are some of the steps that I took.

1) explicitly providing password in useradd
2) created user then used usermod to add password
3) deleted home directory and all of user then tried to recreate.
4) created alternate user
5) manually put password in correct field of /etc/passwd then ran pwconv
 
Old 03-28-2012, 07:24 PM   #19
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
So, if you create a brand new user from scratch;

1. can root change user's passwd ?
2. can user change passwd as that user ie not via root ?

If no to either both, exactly what cmds did you issue; exactly what msgs did you get.
Sorry to seem pedantic, but its easier to debug if I can see exactly what you did, as opposed to a description thereof.

3. have you got any distributed auth setup that may interfere eg LDAP ?
 
Old 03-29-2012, 09:15 AM   #20
n3wtux
LQ Newbie
 
Registered: Feb 2010
Posts: 8

Rep: Reputation: 0
Local User unable to change password

No I would like to have a distributed authentication setup, but management says nogo.

I su - to user from root and was unable to change password. I can't sign on as user to do anything.

commands used
as root
useradd -m -G wheel -p password username
useradd -m -p password username
useradd -m -G wheel username; passwd username
useradd -m ctest;passwd ctest
usermod -p password username (after creating user w/o specifying password This didn't generate error, but didn't help either)
su - username; passwd
Manually altered password field in /etc/passwd then ran pwconv


I might have missed a few but this is the general range of things I have tried of course I totally removed the user and made sure nothing was left in /home or /etc/passwd /etc/shadow....etc.

The error I was getting was listed previously. It looks like it is going to start to change but then without even getting you the chance to input any values it gives following error. This is the error I get whenever I do anything besides usermod. Usermod still didn't fix the issue.

passwd username
Changing password for user username.
passwd: Authentication token manipulation error

Last edited by n3wtux; 03-29-2012 at 09:21 AM. Reason: forgot to put error message
 
Old 03-29-2012, 08:02 PM   #21
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
Ok, lets stick with the simplest approach

Can you ensure you have completely removed any test user eg ctest, then (as root, pref logged in locally/direct as root, ie not via 'su -') do exactly
Code:
useradd -m ctest
echo $?

passwd ctest
echo $?
and copy/paste the cmds/msgs

Also check /var/log/messages, /var/log/secure.
The echo is just to check the return status of each cmd; I'm just starting to wonder if useradd is failing quietly.
BTW, for usermod the -p option requires the supplied passwd to ALREADY be encrypted http://linux.die.net/man/8/usermod
 
Old 03-30-2012, 08:50 AM   #22
n3wtux
LQ Newbie
 
Registered: Feb 2010
Posts: 8

Rep: Reputation: 0
Local User unable to change password

I want to thank you for all of your assistance. I found out that the pam module is configured to need a smbpasswd for the user to be set up before a system password can be used. I have never seen or tried to set up anything like this so I didn't think to look there.

I personally think that cifs stands for crappy internet file system, but I didn't have any decision making power yet in offering an alternate option. I apologize if I wasted any time.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
NIS vs Local account password change thllgo Linux - Server 2 07-17-2008 05:47 PM
Locking out a user when password expires, but allowing them to change their password kaplan71 Linux - Security 5 06-27-2008 08:12 PM
how local user able to change password? dickysolo Linux - Security 3 10-29-2007 04:39 AM
change password local user vsftp ?? cosmonate Linux - Security 8 02-19-2003 08:56 AM


All times are GMT -5. The time now is 12:53 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration