unix_chkpwd unknown user root

john.wythe@activant.com · 04-24-2014, 11:20 PM

I have another system (Redhat 6) with this problem. We are not able to login at all the only access we have is single user mode.
When we try to change the root password, or password of a user we just added in single user mode we get the message unix_chkpwd unknown user ... It then prompts for new password and to verify, and then gives errors about unable to obtain info, and authentication tokens not updated. The next chance I get I will check the lsattrs of /etc/passwd and /etc/shadow.
the regular permissions are :
/etc/passwd rw-r--r--
/etc/shadow ---------

The root entry in /etc/passwd and /etc/shadow look fine, as does the enrty in /etc/group. I have not checked the shadow for for /etc/group yet.

The system was working fine. I was in the process of loading it with our software and updating the OS using yum.
I have since done a yum reinstall of all the installed packages and a yum update. rebooted afterwards and still can't login in normal mode or change password in single user mode.

Is there a file in /etc/pam.d that might have an effect on this.

Are there any other files I should look at?

My only other recourse is to re-install from scratch, which while not a big issue as it is a new system I'd rather find out what the problem is and how to fix it for future cases.

smallpond · 04-25-2014, 04:07 PM

Check in /etc/nsswitch.conf for the passwd, shadow and group lines. If they say "compat" try "files" in case something is broken in the nsswitch libraries.

john.wythe@activant.com · 04-28-2014, 02:50 PM

I reloaded the system from scratch. All was fine until I ran a script that copies users from the old system to the new system. It uses the adduser script in Linux to add the user, but uses sed to edit the shadow file to copy the password. I think this is where the issue is. I turned off selinux when I ran into the problem again after copying the users and was able to login again. I notice some other commands getfattr and setfattr. Next time I am going to check and see what the attrs are before I run the script and set them back. I also might try copying the file back after sed runs instead of moving it. That might keep any attrs that might get lost other wise.