Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Odd behavior from passwd.
Special Forums Cybersecurity Odd behavior from passwd. Post 303039001 by Peasant on Thursday 19th of September 2019 08:12:40 AM
Old 09-19-2019
I've seen this when multiple PAM rules are matched for one user or group.
Check pam configuration for such rules.

For instance :
Code:
.. other lines ..
password    [default=1 success=ignore] pam_succeed_if.so ... <some conditions like uid gid>
password    requisite     pam_cracklib.so ... <other pw related stuff>
password    [default=1 success=ignore] pam_succeed_if.so ... <other conditions for uid gid>
password    requisite     pam_cracklib.so ... <other pw related stuff>
... other lines...

If a user matches both conditions it will get password prompt twice.
So, AFAIK PAM rules should be very specific and be exclusive, so two rules do not match one group or user.

This is a bit older release, but in newer it is the same, except pam_pwquality.so is used.

Files which are used for such rules are :
Code:
/etc/pam.d/system-auth 
/etc/pam.d/password-auth

Hope that helps
Regards
Peasant.
These 3 Users Gave Thanks to Peasant For This Post:
drl gull04 Neo
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

even odd script

I need a unix script that check for even or odd. EXAMPLE:::: please enter the number to check: 12 the output: This is an even number it has to have prompts. (2 Replies)
Discussion started by: snyper2k2
2 Replies

2. UNIX for Dummies Questions & Answers

Odd .sh behavior in script

Hello, I have been working on a what I thought was a fairly simple script for installing a software kit on Linux and Unix I am not new to scripting but am far from being fluent in sh scripting. any assistance would be appreciated. I have an odd bug occuring when executing the script. When... (2 Replies)
Discussion started by: robertmcol
2 Replies

3. HP-UX

Odd storage behavior

Hi, We have some troubles with our HP server (rx4640) running HP-UX 11.31. The server is attached to a JBod cabinet. If the JBod cabinet is powered on and we power on the server after then HP-UX can't find the devices (disks) at the cabinet. Does not help to run an ioscan -fnC disk. But if I power... (3 Replies)
Discussion started by: hoff
3 Replies

4. Shell Programming and Scripting

"Odd" behavior exiting shell script

Is it normal behavior for a shell script that terminates to terminate its parent shell when executed with the "." option? For example, if I have the example script (we'll name it ex.sh): #!/bin/sh if then echo "Bye." exit 2 fi And I execute it like this: >./ex.sh It... (6 Replies)
Discussion started by: DreamWarrior
6 Replies

5. UNIX for Dummies Questions & Answers

Finding the odd one out!

Hi guys, I wondered if someone would be able to help me. I have a number of files which all have entries in them looking something like; And I'm looking for a way where by I can compare a number of these files and identify the odd numbers in the sequence. So for example if I had to... (1 Reply)
Discussion started by: JayC89
1 Replies

6. Solaris

passwd cmd reenables passwd aging in shadow entry

Hi Folks, I have Solaris 10, latest release. We have passwd aging set in /etc/defalut/passwd. I have an account that passwd should never expire. Acheived by emptying associated users shadow file entries for passwd aging. When I reset the users passwd using passwd command, it re enables... (3 Replies)
Discussion started by: BG_JrAdmin
3 Replies

7. AIX

When did AIX start using /etc/security/passwd instead of /etc/passwd to store encrypted passwords?

Does anyone know when AIX started using /etc/security/passwd instead of /etc/passwd to store encrypted passwords? (1 Reply)
Discussion started by: Anne Neville
1 Replies

8. Solaris

Odd vi error

Hello, I have a weird think going on, on one of my servers. vi filename "/var/tmp" No such file or directory What going on here? (4 Replies)
Discussion started by: bitlord
4 Replies

9. Programming

Odd behavior from GDB while trying to cross-debug an embedded Linux application.

Some background: The application normally runs on an embedded platform. Currently, for development purposes, I have the rootfs located @ /exports and the target is communicating over NFS. That way I can make a change on my local system, save the application @ /exports, and run the altered... (4 Replies)
Discussion started by: Circuits
4 Replies

LEARN ABOUT CENTOS

password-auth-ac

SYSTEM-AUTH-AC(5)						File Formats Manual						 SYSTEM-AUTH-AC(5)

NAME

       system-auth-ac,	password-auth-ac,  smartcard-auth-ac, fingerprint-auth-ac, postlogin-ac - Common configuration files for PAMified services
       written by authconfig(8)

SYNOPSIS

       /etc/pam.d/system-auth-ac

DESCRIPTION

       The purpose of this configuration file is to provide common configuration file  for  all  applications  and  service  daemons  calling  PAM
       library.

       The system-auth configuration file is included from all individual service configuration files with the help of the include directive. When
       authconfig(8) writes the system PAM configuration file it replaces the default system-auth file with a symlink pointing	to  system-auth-ac
       and writes the configuration to this file. The symlink is not changed on subsequent configuration changes even if it points elsewhere. This
       allows system administrators to override the configuration written by authconfig.

       The  authconfig	now  writes  the  authentication  modules  also  into  additional  PAM	configuration  files  /etc/pam.d/password-auth-ac,
       /etc/pam.d/smartcard-auth-ac, and /etc/pam.d/fingerprint-auth-ac.  These configuration files contain only modules which perform authentica-
       tion with the respective kinds of authentication tokens.  For example /etc/pam.d/smartcard-auth[-ac] will not contain pam_unix and pam_ldap
       modules and /etc/pam.d/password-auth[-ac] will not contain pam_pkcs11 and pam_fprintd modules.

       The  file  /etc/pam.d/postlogin-ac  contains  common services to be invoked after login. An example can be a module that encrypts an user's
       filesystem or user's keyring and is decrypted by his password.

       The PAM configuration files of services which are accessed by remote connections such as sshd or ftpd now include the  /etc/pam.d/password-
       auth configuration file instead of /etc/pam.d/system-auth.

EXAMPLE

       Configure  system  to  use  pam_tally2  for  configuration  of maximum number of failed logins. Also call pam_access to verify if access is
       allowed.

       Make system-auth symlink point to system-auth-local which contains:

       auth	       requisite       pam_access.so
       auth	       requisite       pam_tally2.so deny=3 lock_time=30 
					     unlock_time=3600
       auth	       include	       system-auth-ac
       account	       required        pam_tally2.so
       account	       include	       system-auth-ac
       password        include	       system-auth-ac
       session	       include	       system-auth-ac

BUGS

       None known.

SEE ALSO

       authconfig(8), authconfig-gtk(8), pam(8), system-auth(5)

Red Hat, Inc.							   2010 March 31						 SYSTEM-AUTH-AC(5)
All times are GMT -4. The time now is 10:15 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy