LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 05-23-2020, 11:37 PM   #181
bassmadrigal
LQ Guru
 
Registered: Nov 2003
Location: West Jordan, UT, USA
Distribution: Slackware
Posts: 7,222

Rep: Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925

Quote:
Originally Posted by dchmelik View Post
Forcing it (not the case through 14.2) then having to do that is not good enough (but up to 14.2 and FreeBSD w/PAM is.)
It seems it may be worth reading through your /etc/pam.d/system-auth.conf file. Your complaints seem to be easily changed by commenting out the first two password lines and uncommenting the third (make sure you leave the 4th uncommented).

Code:
# Default password quality checking with pam_pwquality. If you don't want
# password quality checking, comment out these two lines and uncomment the
# traditional password handling line below.
password    requisite     pam_pwquality.so minlen=6 retry=3
password    sufficient    pam_unix.so nullok sha512 shadow minlen=6 try_first_pass use_authtok

# Traditional password handling without pam_pwquality password checking.
# Commented out by default to use the two pam_pwquality lines above.
#password    sufficient    pam_unix.so nullok sha512 shadow minlen=6
Should be changed to:

Code:
# Default password quality checking with pam_pwquality. If you don't want
# password quality checking, comment out these two lines and uncomment the
# traditional password handling line below.
#password    requisite     pam_pwquality.so minlen=6 retry=3
#password    sufficient    pam_unix.so nullok sha512 shadow minlen=6 try_first_pass use_authtok

# Traditional password handling without pam_pwquality password checking.
# Commented out by default to use the two pam_pwquality lines above.
password    sufficient    pam_unix.so nullok sha512 shadow minlen=6
Hopefully this fixes your problem.
 
Old 05-23-2020, 11:57 PM   #182
dchmelik
Member
 
Registered: Nov 2008
Location: USA
Distribution: FreeBSD Unix, Slackware, FreeSlack GNU/Linux, OpenBSD Unix, FreeDOS
Posts: 466

Rep: Reputation: 51
Quote:
Originally Posted by bassmadrigal View Post
It seems it may be worth reading through your /etc/pam.d/system-auth.conf file. Your complaints seem to be easily changed by commenting out the first two password lines and uncommenting the third (make sure you leave the 4th uncommented).
Thank you, but for some reason, I don't have '/etc/pam.d/*.conf:' only 36 other files (without file-name extensions... and is an entire 36 classic Unix-style 'doing one thing and doing it well?!') there, including system-auth, which looks completely different. I even went to default pure/classic/original (text-only/non-X) console (tty0) terminal (text-only/non-X,) successfully did (in /var/log/packages/pam) 'removepkg pam' & 'slackpkg install pam,' 'slackpkg new-config'... there were no new configuration files (still no /etc/pam.d/*.conf.) I've been reinstalling Slackware-current & FreeBSD-current often almost a month (to hopefully share /home) but already needed to learn a couple years Slackware changes, now this century-historic change. Currrently after a couple broken installs w/PAM (already tried making all configuration optional... didn't help, so I reinstalled; another time I didn't do much/anything to PAM but it put adduser into an infinite error loop) I may not have zeroed (trim, blkdiscard) my Slackware operating system's (OS) solid state drive's (SSD) partition after previous broken install, and doesn't sometimes some data remain on EXT (EXT4) partitions even after a so-called 'format?' Maybe I just need to zero the SSD and start over so that configuration file will appear next time... or is this repairable at this point? Maybe somehow we're on different versions? I updated mine mere seconds ago (no changes to PAM; only overwrite SBo's dash; shell, which I'm almost sure is irrelevant here.)

That's fine if someone can research for hours/day/weeks to make Slackware-current strictly Unix-like that way, but when surviving classic Unix still has original default (passwords optional) the issue is whether by next Slackware-stable release someone should encounter that kludge unexpectedly.

I pasted your exact second example into the exact filename given... nothing changed.

Last edited by dchmelik; 05-24-2020 at 03:57 AM.
 
Old 05-24-2020, 12:10 AM   #183
bassmadrigal
LQ Guru
 
Registered: Nov 2003
Location: West Jordan, UT, USA
Distribution: Slackware
Posts: 7,222

Rep: Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925
Quote:
Originally Posted by dchmelik View Post
Thank you, but for some reason, I don't have '/etc/pam.d/*.conf:' only 36 other files (without file-name extensions... and is an entire 36 classic Unix-style 'doing one thing and doing it well?!') there, including system-auth, which looks completely different. I even went to default pure/classic/original (text-only/non-X) console (tty0) terminal (text-only/non-X,) successfully did (in /var/log/packages/pam) 'removepkg pam' & 'slackpkg install pam,' 'slackpkg new-config'... there were no new configuration files (still no /etc/pam.d/*.conf) I've been reinstalling Slackware-current & FreeBSD-current often almost a month (to hopefully share /home) but already needed to learn a couple years Slackware changes, now this historic change. Currrently after a couple broken PAM installs (I already tried making all configuration optional... didn't help, so I reinstalled; another time I didn't do much/anything new for PAM but it put adduser into an infinite error loop.) I may not have zeroed (trim, blkdiscard) my Slackware operating system (OS) partition after a broken install, and doesn't sometimes some data remain on EXT (EXT4) partitions even after a 'format?' Maybe I just need to zero the SSD and start over so that configuration file will appear next time... or is this repairable at this point? Maybe somehow were on different 'current' versions? I updated mine mere seconds ago (no changes to PAM; only overwrite SBo's dash, which I'm almost sure is irrelevant here)

That's fine if someone can research for hours/day/weeks to make Slackware-current Unix-like that way, but when surviving classic Unix still has the original default (passwords optional) the issue is whether by next Slackware-stable release someone should encounter this unexpectedly.
Sorry, the file didn't end in .conf and I posted too quickly. Typically files in .d/ directories. I am not running -current, so I extracted the package to look through the files to help you out. They all ended in .new and I was thinking it was system-auth.conf.new, when it was just system-auth.new.

Just change those lines in /etc/pam.d/system-auth and you should be good.

Maybe it would've been better to open up a new post and ask how to do something rather than slam Pat for doing it this way. This is new software and it is going to take time to get used to.

The way Linux and UNIX work changes over time. Do you really think that no configuration files ever changed? That the login process never changed? When things change, you either need to embrace it and learn to use it as is or find out how to tweak it to restore previous behavior. Instead you decided to do either and instead complain on here without even asking how to restore the previous behavior.
 
Old 05-24-2020, 12:12 AM   #184
bassmadrigal
LQ Guru
 
Registered: Nov 2003
Location: West Jordan, UT, USA
Distribution: Slackware
Posts: 7,222

Rep: Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925Reputation: 4925
Quote:
Originally Posted by dchmelik View Post
Update: pasted your exact second example into the exact filename given... nothing changed; PAM still having its programmers automatically manage/restrict my system remotely like Apple/Microsoft/Google/etc. manage/restrict system administrators (sysadmins; ) Apple/Microsoft/Google/PAM/Debian/RedHat/etc. dismiss/disrespect original/older hacker culture.
If you're going to continue to complain, I'm outta here. Best of luck figuring it out!
 
Old 05-24-2020, 12:19 AM   #185
dchmelik
Member
 
Registered: Nov 2008
Location: USA
Distribution: FreeBSD Unix, Slackware, FreeSlack GNU/Linux, OpenBSD Unix, FreeDOS
Posts: 466

Rep: Reputation: 51
Quote:
Originally Posted by bassmadrigal View Post
Sorry, the file didn't end in .conf and I posted too quickly. Typically files in .d/ directories. I am not running -current, so I extracted the package to look through the files to help you out. They all ended in .new and I was thinking it was system-auth.conf.new, when it was just system-auth.new.

Just change those lines in /etc/pam.d/system-auth and you should be good.
Okay; now can't enter blank nor string password... infinite error loop: )

Code:
passwd: Authentication token manipulation error

that's  passwd: password unchanged

 - Warning: An error occured while setting the password for 

           this account. Please try again.
Quote:
Maybe it would've been better to open up a new post and ask how to do something rather than slam Pat for doing it this way. This is new software and it is going to take time to get used to.
Note/reread I haven't and am not 'slamming' him; other Slackware team members started/created PAM packages and have been updating to make more Unix-like (but not all may use this option themselves.) I simply didn't want to bother Mr. Volkerding (Patrick, Pat) with email. By posting in main topic thread in (quasi-)official forum, team becomes aware and hopefully those who started/created PAM packages can fix (maybe Pat wants to focus on other (bigger?) things.) It's not like Slackware-current is something secret. I'm merely reporting difficulties/bugs similar people can expect (many don't even use current yet but might try.)

If majority of older Unix hackers, such as my elderly/retired professors (or especially surviving original/founder/god hackers who taught them) claim 'you need to embrace [change ending classic Unix-style]' I might consider (but state my view/experience, maybe politely disagree or drop topic; ) other such opinions will be absolutely ignored.

Last edited by dchmelik; 05-24-2020 at 06:45 PM.
 
Old 05-24-2020, 02:26 AM   #186
gegechris99
Member
 
Registered: Oct 2005
Location: France
Distribution: Slackware current 64bit
Posts: 977
Blog Entries: 5

Rep: Reputation: 191Reputation: 191
@dchmelik,

I haven't read all your long posts.
I will just try to help you in configuring PAM for your purpose and also because I may have the same use case in the future. We're all learning how to deal with PAM in Slackware current and missteps may happen.
bassmadrigal tried to help you but will probably have difficulty going further because he's not using current.

Back to your issues. Can you post the content of /etc/pam.d/system-auth that causes the issues? The orders of instructions in the file is important. Also which command is failing: passwd, adduser?
 
Old 05-24-2020, 02:30 AM   #187
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 2,529

Rep: Reputation: 790Reputation: 790Reputation: 790Reputation: 790Reputation: 790Reputation: 790Reputation: 790
Quote:
Originally Posted by dchmelik View Post
Thanks! However, update: now can't enter blank nor string password...
I guess you missed this:
https://www.linuxquestions.org/quest...rd-4175675708/

Sorry if I've missed your point... ain't nobody got time to read all that.
 
1 members found this post helpful.
Old 05-24-2020, 03:27 AM   #188
dchmelik
Member
 
Registered: Nov 2008
Location: USA
Distribution: FreeBSD Unix, Slackware, FreeSlack GNU/Linux, OpenBSD Unix, FreeDOS
Posts: 466

Rep: Reputation: 51
Quote:
Originally Posted by gegechris99 View Post
[...] Can you post the content of /etc/pam.d/system-auth that causes the issues? The orders of instructions in the file is important. Also which command is failing: passwd, adduser?
I only did what bassmadrigal said (had to work on it; wrong combination of lines causes adduser infinite loops without getting to passwd) but now just passwd forces non-blank password. Of course, I can enter & erase; waste huge time in future.

Code:
#%PAM-1.0
#
# Most of these PAM modules have man pages included, like 
# pam_unix(8) for example.
#

##################
# Authentication #
##################
#
auth        required      pam_env.so
auth        optional      pam_group.so
auth        sufficient    pam_unix.so likeauth nullok
auth        required      pam_deny.so
auth        optional      pam_gnome_keyring.so

##################
# Account checks #
##################
#
# Only root can login if file /etc/nologin exists.
# This is equivalent to NOLOGINS_FILE on login.defs
#
account     required      pam_nologin.so
#
# Enable restrictions by time, specified in /etc/security/time.conf
# This is equivalent to PORTTIME_CHECKS_ENAB on login.defs
#
account     required      pam_time.so           
account     required      pam_unix.so
account     sufficient    pam_succeed_if.so uid < 100 quiet
account     required      pam_permit.so

#############################
# Password quality checking #
#############################
#
# Please note that unless cracklib and libpwquality are installed, setting
# passwords will not work unless the lines for the pam_pwquality module are
# commented out and the line for the traditional no-quality-check password
# changing is uncommented.
#
# The pam_pwquality module will check the quality of a user-supplied password
# against the dictionary installed for cracklib. Other tests are (or may be)
# done as well - see: man pam_pwquality
#
# Default password quality checking with pam_pwquality. If you don't want
# password quality checking, comment out these two lines and uncomment the
# traditional password handling line below.
#password    requisite     pam_pwquality.so minlen=6 retry=3
#password    sufficient    pam_unix.so nullok sha512 shadow minlen=6 try_first_pass use_authtok

# Traditional password handling without pam_pwquality password checking.
# Commented out by default to use the two pam_pwquality lines above.
password    sufficient    pam_unix.so nullok sha512 shadow minlen=6

# ATTENTION: always keep this line for pam_deny.so:
password    required      pam_deny.so

#########################
# Session Configuration #
#########################
#
# This applies the limits specified in /etc/security/limits.conf
#
session     required      pam_limits.so
session     required      pam_unix.so
#session     required      pam_lastlog.so showfailed
#session     optional      pam_mail.so standard
session     optional      pam_gnome_keyring.so auto_start

Last edited by dchmelik; 05-24-2020 at 06:46 PM.
 
Old 05-24-2020, 03:44 AM   #189
ponce
LQ Guru
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 5,514

Rep: Reputation: Disabled
https://www.youtube.com/watch?v=yR5Z4n1TdSI
 
1 members found this post helpful.
Old 05-24-2020, 03:47 AM   #190
lioh
Member
 
Registered: Aug 2019
Location: Switzerland
Distribution: Slackware
Posts: 142

Rep: Reputation: Disabled
Quote:
Originally Posted by lioh View Post
Hi again,

I have noticed that ConsoleKit2 does not seem to be launched anymore which causes a few side effects.
...
In the meanwhile I have figured out the root cause. The .xsession file created by xwmconfig for IceWM looks like this:

Code:
if [ -z "$XDG_SESSION_COOKIE" -a -x /usr/bin/ck-launch-session ]; then
it seems that XDG_SESSION_COOKIE is not set when using PAM so I changed it to that:

Code:
if [ -z "$DESKTOP_SESSION" -a -x /usr/bin/ck-launch-session ]; then
and it works again as expected.

Greetings
Lioh
 
Old 05-24-2020, 05:10 AM   #191
GazL
LQ Guru
 
Registered: May 2008
Distribution: CRUX
Posts: 5,507
Blog Entries: 14

Rep: Reputation: 3342Reputation: 3342Reputation: 3342Reputation: 3342Reputation: 3342Reputation: 3342Reputation: 3342Reputation: 3342Reputation: 3342Reputation: 3342Reputation: 3342
Quote:
Originally Posted by lioh View Post
it seems that XDG_SESSION_COOKIE is not set when using PAM ...
It is on mine (logging in via xdm) pam_ck_connector.so creates it when run without the nox11 option.
It also appears to mount a tmpfs for /var/run/user/$UID, but apparently fails to set XDG_RUNTIME_DIR to point to it.


I confirmed it by logging in with a failsafe session which doesn't use any xinitrc/xsession file other than /etc/X11/xdm/Xsession.

Last edited by GazL; 05-24-2020 at 05:26 AM. Reason: typo
 
Old 05-24-2020, 05:12 AM   #192
gegechris99
Member
 
Registered: Oct 2005
Location: France
Distribution: Slackware current 64bit
Posts: 977
Blog Entries: 5

Rep: Reputation: 191Reputation: 191
Quote:
Originally Posted by dchmelik View Post
I only did what bassmadrigal said (had to work on it; wrong combination of lines causes adduser infinite loops without getting to passwd) but now just passwd forces non-blank password. Of course, I can enter & erase (unacceptable; ) waste huge time in future.

Code:
# Default password quality checking with pam_pwquality. If you don't want
# password quality checking, comment out these two lines and uncomment the
# traditional password handling line below.
#password    requisite     pam_pwquality.so minlen=6 retry=3
#password    sufficient    pam_unix.so nullok sha512 shadow minlen=6 try_first_pass use_authtok

# Traditional password handling without pam_pwquality password checking.
# Commented out by default to use the two pam_pwquality lines above.
#password    sufficient    pam_unix.so nullok sha512 shadow minlen=6
You didn't uncomment the above red line. Remove the # character at the beginning of this line and it should be better.
 
Old 05-24-2020, 05:16 AM   #193
dchmelik
Member
 
Registered: Nov 2008
Location: USA
Distribution: FreeBSD Unix, Slackware, FreeSlack GNU/Linux, OpenBSD Unix, FreeDOS
Posts: 466

Rep: Reputation: 51
Quote:
Originally Posted by gegechris99 View Post
You didn't uncomment the above red line. Remove the # character at the beginning of this line and it should be better.
Oops; old version; updated. After I uncommented that, it stopped the infinite loop (as mentioned.) Now I simply can't setup users I decide to enter blank password (since PAM decided to restrict passwd.)

Last edited by dchmelik; 05-24-2020 at 05:34 AM.
 
Old 05-24-2020, 05:33 AM   #194
gegechris99
Member
 
Registered: Oct 2005
Location: France
Distribution: Slackware current 64bit
Posts: 977
Blog Entries: 5

Rep: Reputation: 191Reputation: 191
I'm not sure what you mean by "not enter password for a user". Do you mean that you pressed "Enter" when prompted for a password? I don't know if this method qualifies as a blank password for PAM.

This line you just uncommented in /etc/pam.d/system-auth has some parameters:
Code:
password    sufficient    pam_unix.so nullok sha512 shadow minlen=6
"nullok" should allow blank password but I don't know what is blank password here.
"minlen=6" means that a password should have a minimum length of 6 characters. If you pressed "Enter" when prompted for a password, it's possible that the user password is a zero-length string ("") and this is not allowed with this option.
Try without the "minlen=6" option.
Code:
password    sufficient    pam_unix.so nullok sha512 shadow
 
Old 05-24-2020, 05:38 AM   #195
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,076

Rep: Reputation: 6865Reputation: 6865Reputation: 6865Reputation: 6865Reputation: 6865Reputation: 6865Reputation: 6865Reputation: 6865Reputation: 6865Reputation: 6865Reputation: 6865
Quote:
Originally Posted by gegechris99 View Post
"nullok" should allow blank password but I don't know what is blank password here.
I answered that in another recent PAM related thread.

Last edited by Alien Bob; 05-24-2020 at 05:55 AM.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
a bug in dialog merged with Slackware64 current? duturo1953 Slackware 1 08-23-2017 02:26 PM
/etc/pam.d/system-auth-ac vs. /etc/pam.d/password-auth-ac vs. /etc/pam.d/sshd christr Red Hat 2 08-01-2014 07:08 PM
PAM module:passwd:- how many character validate by pam library amit_pansuria Linux - General 3 10-21-2008 01:19 AM
vsftpd + pam + virtual users - Pam cannot load database file. mdkelly069 Linux - Networking 3 09-22-2004 11:07 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 04:00 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration