LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-12-2012, 09:17 AM   #1
Enochs
Member
 
Registered: Jun 2007
Location: Georgia
Distribution: Fedora
Posts: 50

Rep: Reputation: 17
Exclamation RHEL 5.8 Cluster: Nodes keep prompting to change PW


Hi,

I have a RHEL cluster with 9 nodes. Nodes 1-7 keep prompting me to reset my password. We reset it and try to log-in but it AGAIN asks us to reset our password. Of course we can't because you can only change your password once every 24 hours. Essentially I'm looked out of the 7 nodes completely!

I can't log-in as root on nodes 1-7 because authentication is controlled by Kerberos.

I have no problem using the Master node (as myself or root). I have the root password and Kerberos password (I don't know jack about how to manage Kerberos)for the Master node.

Any idea how I can regain access to my nodes?

Last edited by Enochs; 12-13-2012 at 03:59 PM. Reason: Typo
 
Old 12-13-2012, 03:54 PM   #2
Enochs
Member
 
Registered: Jun 2007
Location: Georgia
Distribution: Fedora
Posts: 50

Original Poster
Rep: Reputation: 17
I figured out the problem.

1. A recent change to the PAM configuration changed the password policy. This change required all users to change their password on next log-in.
2. My user profile was added to the system incorrectly in July when I started working here (still trying to figure out how and fix it). When I change my password, it only updates my Kerberos password and not my local password on each node. When anyone else changes their password, it changes their Kerberos password and their local password on all nodes (password synchronization across the entire cluster). I have to log onto each of the 9 nodes and change my local password independently from my Kerberos pw (still troubleshooting).
3. The problem in step 2 was hard to figure out because we must ssh to these classified systems. Using ssh causes a different log-on behavior in that once you change your password, it logs you out and makes you log back in. Since my pw updated only my Kerberos password, the system kept prompting me to change the pw...of course Kerberos would only let me do a pw change once a day.

To fix this I had to:

1. Gain access to the room that contained these systems so that I could log in at the console instead of ssh. This is to prevent me from being logged out after the initial password change.
2. Log-in using my Kerberos password.
3. Change my local password using the passwd command so that it matches my Kerberos password. (My profile only)
4. Repeat steps 1-3 on all nine nodes in the cluster (my profile only). This is because I still haven't fixed the problem with my profile that's preventing synchronization of my Kerberos and local passwords across the entire cluster.
5. Have each user ssh in and change their pw. Others only had to do this once (any node) and the entire cluster is updated properly.

Last edited by Enochs; 12-13-2012 at 03:58 PM. Reason: Typo
 
1 members found this post helpful.
  


Reply

Tags
authentication, kerberos, password


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Configure 2 nodes cluster Redtth Linux - Enterprise 1 06-12-2012 05:11 PM
Hwaddr of all nodes on a cluster usagi32 Linux - Server 4 09-10-2009 11:21 PM
Cluster....which distro is best for the Nodes? KaptinKABOOM Linux - Software 7 06-14-2004 08:34 PM
rsh on Cluster nodes rudy3107 Linux - Software 0 07-22-2003 06:53 AM
How do i create an a/c at all nodes in the cluster dogma Linux - Networking 4 05-19-2003 10:21 AM


All times are GMT -5. The time now is 07:17 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration