Clean install 11.4 user auth problems

I have been using openSUSE for years and did many upgrades without problems. But this time everything fails one by one.

First, the 11.3 to 11.4 update failed (possibly a zypper bug?)
Then I did a clean install from DVD, preserving my home partition. Guess what?

I can log in to my system with ANY password as any valid user?!? Also, passwd doesn't work…

That looks like a PAM error, but I am not sure how to solve this…

Here is the error PAM gives me when I type passwd:
mobilix:~ # passwd
Changing password for root.
passwd: Permission denied

mobilix:~ # tail /var/log/messages
Mar 14 05:47:17 mobilix passwd[9109]: User root: Permission denied
Mar 14 05:47:17 mobilix passwd[9109]: password change failed, pam error 6 - account=root, uid=0, by=0

Any ideas?

On 2011-03-14 05:06, xsdnd wrote:
>
> I have been using openSUSE for years and did many upgrades without problems.
> But this time everything fails one by one.
>
> First, the 11.3 to 11.4 update failed (possibly a zypper bug?)
> Then I did a clean install from DVD, preserving my home
> partition. Guess what?
>
> I can log in to my system with ANY password as any valid user?!? Also,
> passwd doesn't work…
>
> That looks like a PAM error, but I am not sure how to solve this…
>
> Here is the error PAM gives me when I type passwd:
> mobilix:~ # passwd
> Changing password for root.
> passwd: Permission denied
>
> mobilix:~ # tail /var/log/messages
> Mar 14 05:47:17 mobilix passwd[9109]: User root: Permission denied
> Mar 14 05:47:17 mobilix passwd[9109]: password change failed, pam error
> 6 - account=root, uid=0, by=0
>
> Any ideas?
>

I seem to remember something about changed user numbering in
11.4: Add 1000 or the like. Not quite sure. You may search in
that direction.

Christoph


email:
nurfuerspam → gmx
de → net

Are you using the root id to change the password for root?


gnomesu 
### or 
kdesu
### or 
su 
password:
~> password

Hi,

Same problem here.
Env: Clean installed openSUSE 11.4 “Celadon” 2.6.37.1-1.2-desktop
Encryption: Blowfish

I can log in to my root and user accounts using any (a wrong/empty) password.

Being logged in, I can ‘su’ again with any password.

If I try to change the password of any user, I get the message:

passwd: Berechtigung verweigert (Translation: rc1 - Permission denied)

e.g.:

Estella@NetOMat:~> su
Passwort: 
NetOMat:/home/Estella # id
uid=0(root) gid=0(root) Gruppen=0(root)
NetOMat:/home/Estella # passwd
Ändere Passwort für root.
passwd: Berechtigung verweigert
NetOMat:/home/Estella # tail -4 /var/log/messages
Feb 27 23:33:53 NetOMat su: (to root) Estella on /dev/pts/5
Feb 27 23:34:00 NetOMat passwd[6930]: User root: Berechtigung verweigert
Feb 27 23:34:00 NetOMat passwd[6930]: password change failed, pam error 6 - account=root, uid=0, by=0
NetOMat:/home/Estella # 

A reinstall did not solve this issue.
Switching from blowfish to md5 did not help, nor did toggling on/off any other option under yast->Security and Users->User and Group Management, e.g. autologin / login without password, etc…

Estella

@EstellaDinsmoor
I only have questions,
are the permissions on the /etc/passwd file 0644?
does the password you want have a space but isn’t quoted?
are you making typo errors, 2 key finger, caps?
( type the password on a tomboy, copy and paste to passwd:)

Or if you have them
diff3 /etc/passwd /etc/passwd.backup /etc/passwd.YaST2save

Oops, you don’t have passwords, everything works as a password?
Even after a clean install? Wasn’t there an option during install that asked if you were the only user of the PC?
If true and you selected that and auto login?

Can you add a user, who must log in, to see if that creates passwords?

Hi,

Let's start with your first reply:

  1. The permissions on /etc/passwd are 0644 root - root.
    /etc/shadow 0640 root shadow.
  2. The passwords do not include space or any other special characters. They are all just alphanumerical.

Passwords were created successfully (at least the hash can be found in /etc/shadow) for the accounts root, Estella and test. test is the account I created to check if a login with a user who is not the initial user would work. Just as before, I can enter whatever I want to log in as this ‘test’ user. What does not work as the test user is logging into KDE. But once I log into KDE using Estella or root, I can ‘su’ to test without a problem. test cannot reset his password, just as the other two users.

On my first install I had separate passwords for my ‘main’ user Estella and root, but I selected autologin for Estella. On my second install I switched to the main and root user getting the same password, but with autologin disabled. Both times I chose blowfish as the encryption algorithm. In both cases I was neither able to reset any passwords nor was there any check whether or not the passwords were correct. Any password was accepted as valid. I discovered this after being sure I had a typo when ‘su’ing to root, but it still worked.
As I said before, I went into yast->Security and Users->User and Group Management and started switching the algorithm, turned autologin on and off etc. I basically tried every option yast offers me, but none would work. I still can’t change any passwords.
My Samba accounts, on the other hand, are handled as expected. I did not install any other software which has user authentication so far, since it seems it is not worth the effort if my system accounts are broken.

To sum up what I did:
Install openSUSE, online update right at install included.
Install Nvidia drivers (
Edit /boot/grub/menu.lst and add nomodeset to the boot arguments in the default boot.
In Yast > System > etc/Sysconfig editor go to System > Kernel > NO_KMS_IN_INITRD and change the default no to yes
Add the nVidia repo for 11.4: http://download.nvidia.com/opensuse/11.4/
Now open Yast > Software > Software Management and you will find the driver is automatically added to install - Accept the install
Reboot
)
Turn off apparmor.
Configure Samba.
Configure udev automount rules, to automount my external hard drives and automatically create Samba mounts.

If one should wonder about turning off apparmor: on my first install it was still running and the same problem occurred. Turning it back on right now doesn’t help either.
I turned it off to be able to use Samba.

Besides those steps I have not done anything.

Right now I don’t know what else I could do. Maybe I will switch back to 11.3, but that’s just avoiding the problems, not solving them…

Thanks for your help, it’s much appreciated!

Estella

Good summary, thank you. I’m still clueless but going through your steps the etc/sysconfig from my install of 11.4 the default is “yes” not “no”. Also, it states you need to run /sbin/mkinitrd. I haven’t tried to change my passwords but I definitely must use the correct passwords for su and logins.

Hi,

Before you test any configuration:
I installed my system for the third and fourth time now. I still have the same problems right from the start.
I deselected autologin, chose different passwords for main and root user, formatted everything that might have left a tiny file, but once installation is done, logins are not checked. I can log in using a wrong password, I can ‘su’ using any pwd I like etc. This is vanilla 11.4 openSUSE, downloaded and burned as a DVD. Not even the nVidia driver was installed. Checked with DVD in drive and taken out.

Sadly I am not going to install 11.4 again :wink:

I guess I’ll take a closer look at Ubuntu.

Thx for your help, anyway.
Maybe somebody might be interested in this bug, so I hope this thread is not useless.

Estella

Can we see the line from /etc/sysconfig/displaymanager that says this


DISPLAYMANAGER_PASSWORD_LESS_LOGIN="no"

on my systems? I’ve seen it saying “yes” once before, don’t know how this happened.

Hi,

I don’t have openSUSE 11.4 installed anymore. Right now I have an Ubuntu server up and running. Give me some time to come back to you, I might give it a new try over the weekend. I still don’t understand why I should not be able to change any password even if the correct ‘old’ one was entered.
I doubt that DISPLAYMANAGER_PASSWORD_LESS_LOGIN=“yes” is supposed to render all security measures/options useless.

Anyhow, we will see what the next test will bring.

Estella

I have a similar problem.

The difference is that the clean install worked well (and I checked another installation I have on a VM, though with XFCE rather than KDE - also is correct). However yesterday I noticed that I could login to any account on my production machine with any password (or without a password whatsoever). Including root.

All settings mentioned in this thread seem to be correct.


Best regards,

Jan.

Same problem. Nothing helps, problem still actual.

It seems to be a general 11.4 problem :frowning:

Same problem, clean install of 11.4, set password during install, after install I can login with root and the user without passwords and when I try to set a new password using passwd I get permission denied, for both root and the user

On 2011-06-02 09:06, Xilanaz wrote:
>
> Same problem, clean install of 11.4, set password during install, after
> install I can login with root and the user without passwords and when I
> try to set a new password using passwd I get permission denied, for both
> root and the user

If you can login with any password, you need to create a bugzilla fast,
security component, severity critical.


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

I just did, after finishing a 3rd install on this laptop with the exact same behaviour.

After entering the bugzilla I have been searching on the PAM stuff, as that is the only error available in /var/log/messages, and found the solution. Copy from the bugzilla post:

Okay, I have been searching into this PAM error and found the /etc/pam.d; here I
noticed a difference between the pam.d on the laptop and that on the desktops:
it had a few files more, like common-auth-rpmnew, and some files were different
in size by a few bytes.

So I made a backup of pam.d on the laptop and copied the pam.d over from the
desktop, and lo and behold, passwords now work!!!

Now I know little of pam.d and how the installation of openSUSE works, but I can
be sure I did not touch that directory. Maybe openSUSE uses different images
if it's a laptop vs desktop?

Anyways, I have no clue as to why, but it might help others.

On 2011-06-02 16:06, Xilanaz wrote:
>
> After entering the bugzilla I have been searching on the PAM stuff, as that
> is the only error available in /var/log/messages, and found the solution.
> Copy from the bugzilla post:

> Anyways, I have no clue as to why, but it might help others.

Well, they are text files, you could have compared them to see which entry
was different, that would be interesting. Why different in the laptop?
Chance, that you did not install the same things on both machines… who knows.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)
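
The comparison suggested in the reply above, as an added example that is not part of the thread or of any openSUSE tooling: it strips comments and spacing so that only differing active PAM rules are reported, and it lists update leftovers such as the "common-auth-rpmnew" file mentioned earlier. The function names and the sample directory contents are constructed for illustration.

```shell
#!/bin/sh
# Added example; pam_rules, pam_compare and make_sample are made-up names.

# Active rules of one PAM file: comments and blank lines dropped, whitespace
# collapsed, so only differences PAM would act on are left.
pam_rules() {
    sed -e 's/#.*//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' -e '/^$/d' "$1"
}

# Usage: pam_compare SUSPECT_DIR KNOWN_GOOD_DIR
pam_compare() {
    suspect=$1; good=$2; tmp=$(mktemp -d) || return 1
    # Files left behind by package updates: the thread mentions
    # "common-auth-rpmnew"; RPM itself writes .rpmnew/.rpmsave/.rpmorig.
    for f in "$suspect"/*rpmnew "$suspect"/*rpmsave "$suspect"/*rpmorig; do
        [ -e "$f" ] && echo "LEFTOVER ${f##*/}"
    done
    for f in "$good"/*; do
        [ -f "$f" ] || continue      # -f follows symlinks to regular files
        name=${f##*/}
        if [ ! -f "$suspect/$name" ]; then
            echo "MISSING $name"; continue
        fi
        pam_rules "$f" > "$tmp/good"
        pam_rules "$suspect/$name" > "$tmp/suspect"
        # "<" marks a rule only in the known-good file, ">" only in the suspect
        d=$(diff "$tmp/good" "$tmp/suspect") || {
            echo "DIFFERS $name"
            printf '%s\n' "$d" | sed -n 's/^[<>] /    &/p'
        }
    done
    rm -rf "$tmp"
}

# Constructed sample directories (not the files from the thread).
make_sample() {
    base=$(mktemp -d) || return 1
    mkdir "$base/good" "$base/suspect"
    printf 'auth required pam_env.so\nauth required pam_unix2.so\n' > "$base/good/common-auth"
    printf '# edited\nauth  required\tpam_env.so\n' > "$base/suspect/common-auth"
    printf 'account required pam_unix2.so\n' > "$base/good/common-account"
    printf '# same rule\naccount   required pam_unix2.so\n' > "$base/suspect/common-account"
    : > "$base/suspect/common-auth-rpmnew"
    echo "$base"
}

if [ $# -eq 2 ]; then pam_compare "$1" "$2"; fi
```

Run it with the suspect directory first and a known-good copy second, for example a backup of /etc/pam.d taken from a working machine of the same release.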

Has this been resolved yet? I just did a completely clean install with all defaults and I’m having exactly the same problems. I’ve been using SUSE since 7.3 and I don’t want to have to jump on the Ubuntu bandwagon.

In case it’s relevant, the root password I gave during the install contains a ‘*’ and a ‘&’.