1 |
Alan McKinnon wrote: |
2 |
|
3 |
> experiment to see if it's the new hashes that are doing it. Find an account |
4 |
> that can sudo to root on the affected machines and examine the shadow file. |
5 |
> See what kind of hashes the affected accounts are using. md5 is 34 characters |
6 |
> long and sha512 is 98 in this format: |
7 |
> |
8 |
> $x$<salt>$<hash> |
9 |
> x is 1 for md5 and 6 for sha512. <salt> is 8 characters for both |
10 |
|
11 |
Thanks for spending time with this. After looking at the shadow file, I |
12 |
have accounts with both md5 and sha512. In particular affected accounts |
13 |
that have md5 and sha512. |
14 |
|
15 |
I looked closely at the .bashrc (used echo "made to here" marks to |
16 |
follow the login sequence) of the bad accounts and they were all |
17 |
sourcing a script from a third-party package that went bad after the OS |
18 |
update. Luckily this was not in all accounts and specially not in the |
19 |
root account. Otherwise I would have been locked outside the machine. |
20 |
After getting rid of that line in the users .bashrc all returned to normal. |
21 |
|
22 |
One more thing to do was to uncomment the line |
23 |
|
24 |
PrintMotd no |
25 |
PrintLastLog no |
26 |
|
27 |
in /etc/sshd_config to avoid the double motd/last log messages upon |
28 |
login.I guess after the portage update, pam is now printing that. |
29 |
|
30 |
> |
31 |
> Here's mine which works: |
32 |
> |
33 |
> auth include system-auth |
34 |
> account include system-auth |
35 |
> password include system-auth |
36 |
> session include system-auth |
37 |
> |
38 |
> And you did confirm that sudo checks for wheel group membership, and that you |
39 |
> are still in this group? |
40 |
> |
41 |
|
42 |
This is exactly like mine. |
43 |
|
44 |
Thanks for all the help. |
45 |
|
46 |
-- |
47 |
Valmor |