Odd behavior from passwd. Post: 303039001

Sponsored Content

Special Forums Cybersecurity Odd behavior from passwd. Post 303039001 by Peasant on Thursday 19th of September 2019 08:12:40 AM

09-19-2019

Moderator

I've seen this when multiple PAM rules are matched for one user or group.
Check pam configuration for such rules.

For instance :

Code:

.. other lines ..
password    [default=1 success=ignore] pam_succeed_if.so ... <some conditions like uid gid>
password    requisite     pam_cracklib.so ... <other pw related stuff>
password    [default=1 success=ignore] pam_succeed_if.so ... <other conditions for uid gid>
password    requisite     pam_cracklib.so ... <other pw related stuff>
... other lines...

If a user matches both conditions it will get password prompt twice.
So, AFAIK PAM rules should be very specific and be exclusive, so two rules do not match one group or user.

This is a bit older release, but in newer it is the same, except pam_pwquality.so is used.

Files which are used for such rules are :

Code:

/etc/pam.d/system-auth 
/etc/pam.d/password-auth

Hope that helps
Regards
Peasant.

These 3 Users Gave Thanks to Peasant For This Post:

Peasant

View Public Profile for Peasant

Find all posts by Peasant

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

even odd script

I need a unix script that check for even or odd. EXAMPLE:::: please enter the number to check: 12 the output: This is an even number it has to have prompts.

2. UNIX for Dummies Questions & Answers

Odd .sh behavior in script

Hello, I have been working on a what I thought was a fairly simple script for installing a software kit on Linux and Unix I am not new to scripting but am far from being fluent in sh scripting. any assistance would be appreciated. I have an odd bug occuring when executing the script. When...

3. HP-UX

Odd storage behavior

Hi, We have some troubles with our HP server (rx4640) running HP-UX 11.31. The server is attached to a JBod cabinet. If the JBod cabinet is powered on and we power on the server after then HP-UX can't find the devices (disks) at the cabinet. Does not help to run an ioscan -fnC disk. But if I power...

4. Shell Programming and Scripting

"Odd" behavior exiting shell script

Is it normal behavior for a shell script that terminates to terminate its parent shell when executed with the "." option? For example, if I have the example script (we'll name it ex.sh): #!/bin/sh if then echo "Bye." exit 2 fi And I execute it like this: >./ex.sh It...

5. UNIX for Dummies Questions & Answers

Finding the odd one out!

Hi guys, I wondered if someone would be able to help me. I have a number of files which all have entries in them looking something like; And I'm looking for a way where by I can compare a number of these files and identify the odd numbers in the sequence. So for example if I had to...

6. Solaris

passwd cmd reenables passwd aging in shadow entry

Hi Folks, I have Solaris 10, latest release. We have passwd aging set in /etc/defalut/passwd. I have an account that passwd should never expire. Acheived by emptying associated users shadow file entries for passwd aging. When I reset the users passwd using passwd command, it re enables...

7. AIX

When did AIX start using /etc/security/passwd instead of /etc/passwd to store encrypted passwords?

Does anyone know when AIX started using /etc/security/passwd instead of /etc/passwd to store encrypted passwords?

8. Solaris

Odd vi error

Hello, I have a weird think going on, on one of my servers. vi filename "/var/tmp" No such file or directory What going on here?

9. Programming

Odd behavior from GDB while trying to cross-debug an embedded Linux application.

Some background: The application normally runs on an embedded platform. Currently, for development purposes, I have the rootfs located @ /exports and the target is communicating over NFS. That way I can make a change on my local system, save the application @ /exports, and run the altered...

LEARN ABOUT OSF1

vipw

vipw(8) 						      System Manager's Manual							   vipw(8)

NAME

       vipw - Edits the /etc/passwd file

SYNOPSIS

       /usr/sbin/vipw

DESCRIPTION

       You  use  the vipw command to edit the /etc/passwd file with the editor defined in the EDITOR environment variable.  If the variable is not
       set, the default editor is vi.

       The vipw command performs basic consistency checks on the edited file.  If a hashed indexed passwd existed  previously,	the  vipw  command
       uses the mkpasswd command to create recreate it.

       The  command must not be used on systems that use extended security attributes since it cannot set or change them.  You must be root to run
       this command.  Only root and security administrators should have execute access to this command.

       Since the vipw command cannot effectively change all the attributes of users, it should not be used in a secure environment.

       The vipw command accesses the following files, and requires the listed permissions:

       ------------------------------
       Permissions   File
       ------------------------------
	   rw	     /etc/passwd

	   rw	     /etc/passwd.pag

	   rw	     /etc/passwd.dir

	   rw	     /etc/ptmp

	   rw	     /etc/ptmp.pag

	   rw	     /etc/ptmp.dir
       ------------------------------

EXAMPLE

       To edit the /etc/passwd file, type the following command and add the required line entry: vipw

FILES

       Specifies the command path

RELATED INFORMATION

       Commands:  passwd(1), passwd(4), adduser(8), mkpasswd(8) delim off

																	   vipw(8)