Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Odd behavior from passwd.
Special Forums Cybersecurity Odd behavior from passwd. Post 303039001 by Peasant on Thursday 19th of September 2019 08:12:40 AM
Old 09-19-2019
I've seen this when multiple PAM rules are matched for one user or group.
Check pam configuration for such rules.

For instance :
Code:
.. other lines ..
password    [default=1 success=ignore] pam_succeed_if.so ... <some conditions like uid gid>
password    requisite     pam_cracklib.so ... <other pw related stuff>
password    [default=1 success=ignore] pam_succeed_if.so ... <other conditions for uid gid>
password    requisite     pam_cracklib.so ... <other pw related stuff>
... other lines...

If a user matches both conditions it will get password prompt twice.
So, AFAIK PAM rules should be very specific and be exclusive, so two rules do not match one group or user.

This is a bit older release, but in newer it is the same, except pam_pwquality.so is used.

Files which are used for such rules are :
Code:
/etc/pam.d/system-auth 
/etc/pam.d/password-auth

Hope that helps
Regards
Peasant.
These 3 Users Gave Thanks to Peasant For This Post:
drl gull04 Neo
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

even odd script

I need a unix script that check for even or odd. EXAMPLE:::: please enter the number to check: 12 the output: This is an even number it has to have prompts. (2 Replies)
Discussion started by: snyper2k2
2 Replies

2. UNIX for Dummies Questions & Answers

Odd .sh behavior in script

Hello, I have been working on a what I thought was a fairly simple script for installing a software kit on Linux and Unix I am not new to scripting but am far from being fluent in sh scripting. any assistance would be appreciated. I have an odd bug occuring when executing the script. When... (2 Replies)
Discussion started by: robertmcol
2 Replies

3. HP-UX

Odd storage behavior

Hi, We have some troubles with our HP server (rx4640) running HP-UX 11.31. The server is attached to a JBod cabinet. If the JBod cabinet is powered on and we power on the server after then HP-UX can't find the devices (disks) at the cabinet. Does not help to run an ioscan -fnC disk. But if I power... (3 Replies)
Discussion started by: hoff
3 Replies

4. Shell Programming and Scripting

"Odd" behavior exiting shell script

Is it normal behavior for a shell script that terminates to terminate its parent shell when executed with the "." option? For example, if I have the example script (we'll name it ex.sh): #!/bin/sh if then echo "Bye." exit 2 fi And I execute it like this: >./ex.sh It... (6 Replies)
Discussion started by: DreamWarrior
6 Replies

5. UNIX for Dummies Questions & Answers

Finding the odd one out!

Hi guys, I wondered if someone would be able to help me. I have a number of files which all have entries in them looking something like; And I'm looking for a way where by I can compare a number of these files and identify the odd numbers in the sequence. So for example if I had to... (1 Reply)
Discussion started by: JayC89
1 Replies

6. Solaris

passwd cmd reenables passwd aging in shadow entry

Hi Folks, I have Solaris 10, latest release. We have passwd aging set in /etc/defalut/passwd. I have an account that passwd should never expire. Acheived by emptying associated users shadow file entries for passwd aging. When I reset the users passwd using passwd command, it re enables... (3 Replies)
Discussion started by: BG_JrAdmin
3 Replies

7. AIX

When did AIX start using /etc/security/passwd instead of /etc/passwd to store encrypted passwords?

Does anyone know when AIX started using /etc/security/passwd instead of /etc/passwd to store encrypted passwords? (1 Reply)
Discussion started by: Anne Neville
1 Replies

8. Solaris

Odd vi error

Hello, I have a weird think going on, on one of my servers. vi filename "/var/tmp" No such file or directory What going on here? (4 Replies)
Discussion started by: bitlord
4 Replies

9. Programming

Odd behavior from GDB while trying to cross-debug an embedded Linux application.

Some background: The application normally runs on an embedded platform. Currently, for development purposes, I have the rootfs located @ /exports and the target is communicating over NFS. That way I can make a change on my local system, save the application @ /exports, and run the altered... (4 Replies)
Discussion started by: Circuits
4 Replies

LEARN ABOUT SUSE

pam_rootok

PAM_ROOTOK(8)							 Linux-PAM Manual						     PAM_ROOTOK(8)

NAME

       pam_rootok - Gain only root access

SYNOPSIS

       pam_rootok.so [debug]

DESCRIPTION

       pam_rootok is a PAM module that authenticates the user if their UID is 0. Applications that are created setuid-root generally retain the
       UID of the user but run with the authority of an enhanced effective-UID. It is the real UID that is checked.

OPTIONS

       debug
	   Print debug information.

MODULE TYPES PROVIDED

       The auth, acct and password module types are provided.

RETURN VALUES

       PAM_SUCCESS
	   The UID is 0.

       PAM_AUTH_ERR
	   The UID is not 0.

EXAMPLES

       In the case of the su(1) application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use
       of a password. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the /etc/pam.d/su
       configuration file:

	   # su authentication. Root is granted access by default.
	   auth  sufficient   pam_rootok.so
	   auth  required     pam_unix.so

SEE ALSO

       su(1), pam.conf(5), pam.d(5), pam(8)

AUTHOR

       pam_rootok was written by Andrew G. Morgan, <morgan@kernel.org>.

Linux-PAM Manual						    04/01/2010							     PAM_ROOTOK(8)
All times are GMT -4. The time now is 01:59 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy