| 1 |
Alan McKinnon wrote: |
| 2 |
> On Sunday 03 May 2009 04:53:41 Mike Kazantsev wrote: |
| 3 |
>> On Sat, 02 May 2009 20:52:39 -0400 |
| 4 |
> |
| 5 |
>> I don't know about motd, but the rest looks like pam problem to me, if |
| 6 |
>> you're using pam, of course. Try 'euse -i pam' to see if it's enabled. |
| 7 |
>> |
| 8 |
>> If that's the case, first of all I'd suggest to check etc-update. |
| 9 |
>> Then look through /etc/pam.d, especially system-* files. There you can |
| 10 |
>> remove some of the required (for successfull authentication) modules, |
| 11 |
>> so their failure won't affect the process. |
| 12 |
> |
| 13 |
> And read the elogs. There's been some pam updates come through on my machines |
| 14 |
> the last few weeks/months. |
| 15 |
> |
| 16 |
|
| 17 |
I re-emerged pam and following this message: |
| 18 |
|
| 19 |
-------------- |
| 20 |
LOG: postinst |
| 21 |
Starting from version 20080801, pambase optionally enables |
| 22 |
SHA512-hashed passwords. For this to work, you need sys-libs/pam-1.0.1 |
| 23 |
built against sys-libs/glibc-2.7 or later. |
| 24 |
If you don't have support for this, it will automatically fallback |
| 25 |
to MD5-hashed passwords, just like before. |
| 26 |
|
| 27 |
Please note that the change only affects the newly-changed passwords |
| 28 |
and that SHA512-hashed passwords will not work on earlier versions |
| 29 |
of glibc or Linux-PAM. |
| 30 |
-------------- |
| 31 |
|
| 32 |
I edited /etc/login.defs |
| 33 |
|
| 34 |
---------------- |
| 35 |
# This variable is deprecated. You should use ENCRYPT_METHOD. |
| 36 |
# |
| 37 |
#MD5_CRYPT_ENAB yes |
| 38 |
|
| 39 |
# Note: If you use PAM, it is recommended to use a value consistent with |
| 40 |
# the PAM modules configuration. |
| 41 |
# |
| 42 |
#ENCRYPT_METHOD DES |
| 43 |
ENCRYPT_METHOD SHA512 |
| 44 |
------------------- |
| 45 |
|
| 46 |
since I find this in /etc/pam.d/system-auth |
| 47 |
|
| 48 |
------------ |
| 49 |
password required pam_unix.so try_first_pass use_authtok |
| 50 |
nullok sha512 shadow |
| 51 |
-------------- |
| 52 |
|
| 53 |
After these changes (do I need to reboot? I am doing this remotely so I |
| 54 |
will have to wait till I can sit on the console) still can't login or su |
| 55 |
to 3 of the accounts. Also created a new account and no luck login to to |
| 56 |
it nor using su. Apparently newly created accounts definitely are |
| 57 |
affected. Older accounts still work (???) |
| 58 |
|
| 59 |
I have used a debug option on the pam modules but didn't manage to get |
| 60 |
additional info in the /var/log/message file. |
| 61 |
|
| 62 |
Thanks for any suggestions. |
| 63 |
|
| 64 |
-- |
| 65 |
Valmor |
Archives