Gentoo Forums
Change passwd problem - Critical Error
flipnode
Apprentice


Joined: 03 Oct 2004
Posts: 172
Location: USA

Posted: Sat Mar 12, 2005 5:57 am    Post subject: Change passwd problem - Critical Error

Okay.. I was trying to secure my server. I wasn't doing all this crazy stuff. Just thought a few things were a good idea and wouldn't be that hard to implement.

So, I find this http://www.gentoo.org/doc/en/gentoo-security.xml. And I get to this part.. and do it.

Code:

8. PAM (Pluggable Authentication Modules)

PAM is a suite of shared libraries that provide an alternative way of providing user authentication in programs. The pam USE flag is turned on by default. Thus the PAM settings on Gentoo Linux are pretty reasonable, but there is always room for improvement. First install cracklib.

Code Listing 8.1: Installing cracklib

# emerge cracklib

Code Listing 8.2: /etc/pam.d/passwd

auth    required pam_unix.so shadow nullok
account    required pam_unix.so
password required pam_cracklib.so difok=3 retry=3 minlen=8 dcredit=2 ocredit=2
password required pam_unix.so md5 use_authtok
session    required pam_unix.so

This will add the cracklib which will ensure that the user passwords are at least 8 characters and contain a minimum of 2 digits, 2 other characters, and are more than 3 characters different from the last password. This forces the user to choose a good password (password policy). Check the PAM documentation for more options.

Code Listing 8.3: /etc/pam.d/sshd

auth    required pam_unix.so nullok
auth     required pam_shells.so
auth    required pam_nologin.so
auth    required pam_env.so
account    required pam_unix.so
password required pam_cracklib.so difok=3 retry=3 minlen=8 dcredit=2 ocredit=2 use_authtok
password required pam_unix.so shadow md5
session    required pam_unix.so
session    required pam_limits.so

Every service not configured with a PAM file in /etc/pam.d will use the rules in /etc/pam.d/other. The defaults are set to deny, as they should be. But I like to have a lot of logs, which is why I added pam_warn.so. The last configuration is pam_limits, which is controlled by /etc/security/limits.conf. See /etc/security/limits.conf section for more on these settings.

Code Listing 8.4: /etc/pam.d/other

auth     required pam_deny.so
auth     required pam_warn.so
account  required pam_deny.so
account  required pam_warn.so
password required pam_deny.so
password required pam_warn.so
session  required pam_deny.so
session  required pam_warn.so



Now! Those three files had a few default settings and I just commented them out.. just in case I wanted to revert if something went wrong. Well, something went wrong. So I changed the files back to what they were before, and did emerge -C cracklib.

It fixed my ssh login problem, but now I can't change my passwords. I keep getting this error
Code:
 passwd: Critical error - immediate abort


I have no clue what to do. Everything is as it was.. hmm..
_________________
I think Gentoo is great!
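
Added example (not part of the original posts or the Gentoo guide): after editing and reverting PAM files as described above, two conditions in the password stack are worth ruling out: a line naming a module that is no longer installed, and use_authtok on a module when no earlier module asks for the new password. This Python checker tests for both; the function names, the PROMPTS_FOR_NEW set and the PARTIAL_REVERT sample are assumptions made for illustration.

```python
import os
import re

# Modules on this page that prompt for the new password unless given use_authtok.
PROMPTS_FOR_NEW = {"pam_unix.so", "pam_cracklib.so"}
# type, control (plain word or [bracketed]), module, optional arguments
LINE = re.compile(r"(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def parse_stack(text, kind="password"):
    """Return [(module, args)] for the active lines of one management group."""
    stack = []
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())  # drop comments
        if m and m.group(1) == kind:
            stack.append((os.path.basename(m.group(3)), m.group(4).split()))
    return stack

def lint_password_stack(text, installed):
    """installed: file names present in the PAM module directory."""
    findings, have_token = [], False
    for module, args in parse_stack(text):
        if module not in installed:
            findings.append(f"{module}: referenced but not installed")
        elif "use_authtok" in args:
            if not have_token:
                findings.append(f"{module}: use_authtok, but no earlier "
                                "module asks for the new password")
        elif module in PROMPTS_FOR_NEW:
            have_token = True
    return findings

# Code Listing 8.2 as quoted in the post above.
GUIDE_PASSWD = """\
auth     required pam_unix.so shadow nullok
account  required pam_unix.so
password required pam_cracklib.so difok=3 retry=3 minlen=8 dcredit=2 ocredit=2
password required pam_unix.so md5 use_authtok
session  required pam_unix.so
"""

# Constructed: cracklib line commented out, use_authtok left on pam_unix.
PARTIAL_REVERT = GUIDE_PASSWD.replace("password required pam_cracklib",
                                      "#password required pam_cracklib")

if __name__ == "__main__":
    for name, text, mods in [
        ("guide, cracklib installed", GUIDE_PASSWD, {"pam_unix.so", "pam_cracklib.so"}),
        ("guide, cracklib unmerged", GUIDE_PASSWD, {"pam_unix.so"}),
        ("partial revert", PARTIAL_REVERT, {"pam_unix.so"}),
    ]:
        print(name, "->", lint_password_stack(text, mods) or "ok")
```

On a live system, pass the file names found in the PAM module directory (its location varies by distribution) as the installed set.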
tukachinchila
Apprentice


Joined: 11 Mar 2005
Posts: 274
Location: Oregon

Posted: Sat Mar 12, 2005 6:50 am

I've followed that same document without any problems, so I'm not sure what happened. Try re-emerging shadow and pam-login and see if that fixes the critical error with passwd.
trooper_ryan
n00b


Joined: 07 Apr 2004
Posts: 74

Posted: Sat Mar 12, 2005 8:54 am

I had this problem on a box last week. Solved by downgrading either pam or cracklib. (Cannot remember which)
flipnode
Apprentice


Joined: 03 Oct 2004
Posts: 172
Location: USA

Posted: Sat Mar 12, 2005 9:09 am    Post subject: Still not working

Okay, I have done those emerges and I still can't, although..

Getting this error
Code:
passwd: Authentication token manipulation error

_________________
I think Gentoo is great!
trooper_ryan
n00b


Joined: 07 Apr 2004
Posts: 74

Posted: Sat Mar 12, 2005 9:24 am

Looks like a PAM related problem.

Move your /etc/pam.d/passwd file somewhere then remerge pam for the defaults. My money says that'll get you running at a minimum.
flipnode
Apprentice


Joined: 03 Oct 2004
Posts: 172
Location: USA

Posted: Sun Mar 13, 2005 9:30 am    Post subject: Authentication token manipulation error

Okay none of the above has worked to solve the problem...

Code:
 passwd: Authentication token manipulation error


I have to say this is really weird. Is there anyone that may know what to do? I am going to try emerge system and see what that does.
_________________
I think Gentoo is great!
tukachinchila
Apprentice


Joined: 11 Mar 2005
Posts: 274
Location: Oregon

Posted: Sun Mar 13, 2005 10:00 am

A quick Google search brought this page up: http://www.linuxquestions.org/questions/archive/4/2001/05/4/2813 which might be helpful for you.
flipnode
Apprentice


Joined: 03 Oct 2004
Posts: 172
Location: USA

Posted: Mon Mar 14, 2005 1:25 am    Post subject: Half way fixed the passwd error

I backed up my /etc/shadow and did pwconv passwd. That seemed to help on the root side of changing the password.
I can't get a regular user's password changed to save my life!

I am still getting the same error. It lets me type the password the first time and then fails...
Any other ideas?
_________________
I think Gentoo is great!
tukachinchila
Apprentice


Joined: 11 Mar 2005
Posts: 274
Location: Oregon

Posted: Mon Mar 14, 2005 2:34 am

If you do:
Code:
userdel [the user whose passwd you can't change]
useradd [the user you just deleted]
passwd [user]

Does that fix anything?
flipnode
Apprentice


Joined: 03 Oct 2004
Posts: 172
Location: USA

Posted: Tue Mar 15, 2005 9:57 am

I think this problem has to do with the system. So, I am emerging system now. I reinstalled Gentoo and the problem was there..

Root can change password fine. Yes, I deleted the user, and when I created him again the password was set. Although, I couldn't change it after that. Very strange.
_________________
I think Gentoo is great!
flipnode
Apprentice


Joined: 03 Oct 2004
Posts: 172
Location: USA

Posted: Wed Mar 16, 2005 9:40 pm    Post subject: Passwd Error solution

Okay, I have fixed the problem. When I set up the server I used a stage-3 install. I believe there is a bug with the 2004.3 - stage3 and changing the password.

To fix the problem just run
Code:
emerge -uD world


Geez.. lol
_________________
I think Gentoo is great!
Maedhros
Bodhisattva


Joined: 14 Apr 2004
Posts: 5511
Location: Durham, UK

Posted: Tue Aug 02, 2005 7:39 am

Moved from Networking & Security to Duplicate Threads in favour of https://forums.gentoo.org/viewtopic-t-25206.html
_________________
No-one's more important than the earthworm.
All times are GMT