1 |
Alan McKinnon wrote: |
2 |
> On Sunday 03 May 2009 04:53:41 Mike Kazantsev wrote: |
3 |
>> On Sat, 02 May 2009 20:52:39 -0400 |
4 |
> |
5 |
>> I don't know about motd, but the rest looks like pam problem to me, if |
6 |
>> you're using pam, of course. Try 'euse -i pam' to see if it's enabled. |
7 |
>> |
8 |
>> If that's the case, first of all I'd suggest to check etc-update. |
9 |
>> Then look through /etc/pam.d, especially system-* files. There you can |
10 |
>> remove some of the required (for successfull authentication) modules, |
11 |
>> so their failure won't affect the process. |
12 |
> |
13 |
> And read the elogs. There's been some pam updates come through on my machines |
14 |
> the last few weeks/months. |
15 |
> |
16 |
|
17 |
I re-emerged pam and following this message: |
18 |
|
19 |
-------------- |
20 |
LOG: postinst |
21 |
Starting from version 20080801, pambase optionally enables |
22 |
SHA512-hashed passwords. For this to work, you need sys-libs/pam-1.0.1 |
23 |
built against sys-libs/glibc-2.7 or later. |
24 |
If you don't have support for this, it will automatically fallback |
25 |
to MD5-hashed passwords, just like before. |
26 |
|
27 |
Please note that the change only affects the newly-changed passwords |
28 |
and that SHA512-hashed passwords will not work on earlier versions |
29 |
of glibc or Linux-PAM. |
30 |
-------------- |
31 |
|
32 |
I edited /etc/login.defs |
33 |
|
34 |
---------------- |
35 |
# This variable is deprecated. You should use ENCRYPT_METHOD. |
36 |
# |
37 |
#MD5_CRYPT_ENAB yes |
38 |
|
39 |
# Note: If you use PAM, it is recommended to use a value consistent with |
40 |
# the PAM modules configuration. |
41 |
# |
42 |
#ENCRYPT_METHOD DES |
43 |
ENCRYPT_METHOD SHA512 |
44 |
------------------- |
45 |
|
46 |
since I find this in /etc/pam.d/system-auth |
47 |
|
48 |
------------ |
49 |
password required pam_unix.so try_first_pass use_authtok |
50 |
nullok sha512 shadow |
51 |
-------------- |
52 |
|
53 |
After these changes (do I need to reboot? I am doing this remotely so I |
54 |
will have to wait till I can sit on the console) still can't login or su |
55 |
to 3 of the accounts. Also created a new account and no luck login to to |
56 |
it nor using su. Apparently newly created accounts definitely are |
57 |
affected. Older accounts still work (???) |
58 |
|
59 |
I have used a debug option on the pam modules but didn't manage to get |
60 |
additional info in the /var/log/message file. |
61 |
|
62 |
Thanks for any suggestions. |
63 |
|
64 |
-- |
65 |
Valmor |