-   Linux - Software (
-   -   Repair User - su: incorrect password (

Ryanitus 11-20-2008 02:38 PM

Repair User - su: incorrect password

I have a system set up with an administrator account aside from root.

I've lost the ability to su to that administrator account, even from root. It was working fine a week ago.

When I log in as root, I get the following:

[root@localhost root]# su admin
su: incorrect password

I can su to any other account just fine.

[root@localhost root]# su user

I've tried changing the root password and admin password, but nothing has helped. I've removed the admin entries from /etc/passwd and /etc/shadow and tried, and system says the account doesn't exist, which is expected. However, when I add them back, same problem.

Not sure if this matters or not, but the admin account password was set to expire after 60 days. I've checked the config files the account is not locked.

Is there a way to repair the admin account?


MensaWater 11-20-2008 03:02 PM

Look at the "passwd -u" option to unlock the account - it probably got locked due to expiration. You can also use the "chage" command to deal with setting expiration values.

Ryanitus 11-20-2008 04:21 PM

*** solution ***
I had checked everything concerning the /etc/passwd and /etc/shadow files, everything seemed to be ok. I tried locking and unlocking with 'passwd -l' and 'passwd -u', but still no go.

As it turns out, there were cron jobs that did a su to the admin account.

When the password expired, the cron job was being prompted for the password. After 3 login failures, the account was getting locked by PAM. This was due to using the module.

To fix the problem, I removed deny= argument from /etc/pam.d/system-auth.

account required /lib/security/$ISA/ per_user deny=3 no_magic_root reset

account required /lib/security/$ISA/ per_user no_magic_root reset

alam 03-07-2009 07:32 PM


I use Mandriva 2009 on a Toshiba laptop.

As a user, if I run 'su', I get 'su: incorrect password'. The password is correct because I can login as root.

I do not see anything like "deny=" in my system.auth file.

Any idea?


MensaWater 03-09-2009 03:12 PM

Please do not append to old threads. You'll get much more visibility by starting a new one.

gmdaas 06-08-2009 06:44 AM


chmod o+s /bin/su
so that it looks like

[root@localhost ~]# ls -l /bin/su
-rwsr-xr-x 1 root root 24120 May 24 2008 /bin/su 12-03-2009 08:21 PM

Hi Ryanitus,

Am having the same problem ..using RHEL 4 U 7.

Tried with locking unlocking passwd but no luck.

Have you managed to solve it ? 12-03-2009 08:56 PM

Hi all,

The account faillog count for the user was above threshold and this caused the pam denies the login.

Mine is got solved by ,

As a root

Step 1. Changing the entries in file /etc/pam.d/system-auth

password required /lib/security/$ISA/ retry=3 type=
password sufficient /lib/security/$ISA/ nullok use_authtok md5 shadow
password required /lib/security/$ISA/
password required /lib/security/ remember=4 use_authtok md5 shadow

Change the required and sufficient to optional.

Step 2. remove the deny entry
account required /lib/security/ deny=5 reset no_magic_root

Remove the deny=5 entry from the above line.

Step 3. Save and quit.

Step 4. Su to user

step 5. Verify your failog for count is back to 0.By executing faillog -u user
Out will be similar like
Username Failures Maximum Latest
user 0 0

step 6. back to root

step 7. roll back all the changes done for /etc/pam.d/system-auth.

Hope it helped
Thanks and regards.
Vysakh Chandran.

chrism01 12-03-2009 09:34 PM

quicker/easier, use the -r (reset) option 12-03-2009 10:35 PM

In my case , I had tried the Failog -r and was no exception ..

But yes. its worth a try before proceeding ahead with editing pam file.

All times are GMT -5. The time now is 06:25 AM.