Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Odd behavior from passwd.
Special Forums Cybersecurity Odd behavior from passwd. Post 303039001 by Peasant on Thursday 19th of September 2019 08:12:40 AM
Old 09-19-2019
I've seen this when multiple PAM rules are matched for one user or group.
Check pam configuration for such rules.

For instance :
Code:
.. other lines ..
password    [default=1 success=ignore] pam_succeed_if.so ... <some conditions like uid gid>
password    requisite     pam_cracklib.so ... <other pw related stuff>
password    [default=1 success=ignore] pam_succeed_if.so ... <other conditions for uid gid>
password    requisite     pam_cracklib.so ... <other pw related stuff>
... other lines...

If a user matches both conditions it will get password prompt twice.
So, AFAIK PAM rules should be very specific and be exclusive, so two rules do not match one group or user.

This is a bit older release, but in newer it is the same, except pam_pwquality.so is used.

Files which are used for such rules are :
Code:
/etc/pam.d/system-auth 
/etc/pam.d/password-auth

Hope that helps
Regards
Peasant.
These 3 Users Gave Thanks to Peasant For This Post:
drl gull04 Neo
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

even odd script

I need a unix script that check for even or odd. EXAMPLE:::: please enter the number to check: 12 the output: This is an even number it has to have prompts. (2 Replies)
Discussion started by: snyper2k2
2 Replies

2. UNIX for Dummies Questions & Answers

Odd .sh behavior in script

Hello, I have been working on a what I thought was a fairly simple script for installing a software kit on Linux and Unix I am not new to scripting but am far from being fluent in sh scripting. any assistance would be appreciated. I have an odd bug occuring when executing the script. When... (2 Replies)
Discussion started by: robertmcol
2 Replies

3. HP-UX

Odd storage behavior

Hi, We have some troubles with our HP server (rx4640) running HP-UX 11.31. The server is attached to a JBod cabinet. If the JBod cabinet is powered on and we power on the server after then HP-UX can't find the devices (disks) at the cabinet. Does not help to run an ioscan -fnC disk. But if I power... (3 Replies)
Discussion started by: hoff
3 Replies

4. Shell Programming and Scripting

"Odd" behavior exiting shell script

Is it normal behavior for a shell script that terminates to terminate its parent shell when executed with the "." option? For example, if I have the example script (we'll name it ex.sh): #!/bin/sh if then echo "Bye." exit 2 fi And I execute it like this: >./ex.sh It... (6 Replies)
Discussion started by: DreamWarrior
6 Replies

5. UNIX for Dummies Questions & Answers

Finding the odd one out!

Hi guys, I wondered if someone would be able to help me. I have a number of files which all have entries in them looking something like; And I'm looking for a way where by I can compare a number of these files and identify the odd numbers in the sequence. So for example if I had to... (1 Reply)
Discussion started by: JayC89
1 Replies

6. Solaris

passwd cmd reenables passwd aging in shadow entry

Hi Folks, I have Solaris 10, latest release. We have passwd aging set in /etc/defalut/passwd. I have an account that passwd should never expire. Acheived by emptying associated users shadow file entries for passwd aging. When I reset the users passwd using passwd command, it re enables... (3 Replies)
Discussion started by: BG_JrAdmin
3 Replies

7. AIX

When did AIX start using /etc/security/passwd instead of /etc/passwd to store encrypted passwords?

Does anyone know when AIX started using /etc/security/passwd instead of /etc/passwd to store encrypted passwords? (1 Reply)
Discussion started by: Anne Neville
1 Replies

8. Solaris

Odd vi error

Hello, I have a weird think going on, on one of my servers. vi filename "/var/tmp" No such file or directory What going on here? (4 Replies)
Discussion started by: bitlord
4 Replies

9. Programming

Odd behavior from GDB while trying to cross-debug an embedded Linux application.

Some background: The application normally runs on an embedded platform. Currently, for development purposes, I have the rootfs located @ /exports and the target is communicating over NFS. That way I can make a change on my local system, save the application @ /exports, and run the altered... (4 Replies)
Discussion started by: Circuits
4 Replies

LEARN ABOUT MOJAVE

mkpwdict

mkpwdict(1M)                                              System Administration Commands                                              mkpwdict(1M)

NAME

       mkpwdict - maintain password-strength checking database

SYNOPSIS

       /usr/sbin/mkpwdict [-s  dict1,... ,dictN] [-d destination-path]

DESCRIPTION

       The mkpwdict command adds words to the dictionary-lookup database used by pam_authtok_check(5) and passwd(1).

       Files containing words to be added to the database can be specified on the command-line using the -s flag. These source files should have a
       single word per line, much like /usr/share/lib/dict/words.

       If -s is omitted, mkpwdict will use the value of DICTIONLIST specified in /etc/default/passwd (see passwd(1)).

       The database is created in the directory specified by the -d option. If this option is omitted, mkpwdict uses  the  value  of  DICTIONDBDIR
       specified in /etc/default/passwd (see passwd(1)). The default location is /var/passwd.

OPTIONS

       The following options are supported:

       -s

           Specifies a comma-separated list of files containing words to be added to the dictionary-lookup database.

       -d

           Specifies the target location of the dictionary-database.

FILES

       /etc/default/passwd

           See passwd(1).

       /var/passwd

           default destination directory

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWcsu                      |
       +-----------------------------+-----------------------------+
       |Interface Stability          |Evolving                     |
       +-----------------------------+-----------------------------+

SEE ALSO

       passwd(1), attributes(5), pam_authtok_check(5)

SunOS 5.10                                                          1 Jun 2004                                                        mkpwdict(1M)
All times are GMT -4. The time now is 01:13 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy